Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Drupal Security Team

Drupal Security Team Vendor Cyber Rating & Cyber Score

drupal.org

A channel for news from the volunteers of the Drupal Security Team. We're experimenting with this channel and welcome your feedback. Thanks! To contact the team, read our page on what options are available https://www.drupal.org/docs/develop/issues/issue-procedures-and-etiquette/reporting-a-security-issue Individual security advisories are published via email, RSS, Bluesky, and Mastodon. Find all of those channels at https://www.drupal.org/security/


DST A.I CyberSecurity Scoring

DST
Company Information
Website:https://www.drupal.org/drupal-security-team
Employees number:None
Number of followers:566
NAICS:541514
Industry Type:Computer and Network Security
Homepage:drupal.org
DST Risk Score (AI oriented)
Between 750 and 799
logo
DSTComputer and Network Security
Updated:
26/05/2026
750/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
DST Global Score (TPRM)
xxxx
logo
DSTComputer and Network Security
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

DST
DSTFair
Current Score
750Baa (FAIR)
01000
1 incidents
-1 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
750Before Incident
JUNE 2026
750Before Incident
MAY 2026
751Before Incident
Vulnerability
26 May 2026DST
Drupal: CISA orders feds to patch actively exploited Drupal vulnerability

Critical Drupal SQL Injection Flaw Under Active Exploitation

750After Incident
CRITICAL-1
DRU1779791316
Critical Drupal SQL Injection Flaw Under Active Exploitation, CISA Issues Emergency Directive The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive requiring federal agencies to patch a severe SQL injection vulnerability in Drupal’s content management system (CMS) by Wednesday, May 27, at midnight. The flaw, tracked as CVE-2026-9082, was discovered by Google/Mandiant researcher Michael Maturi and is actively being exploited in the wild. The vulnerability resides in Drupal’s database abstraction API and allows unauthenticated attackers to execute arbitrary SQL injection on PostgreSQL-powered sites through malicious requests. Successful exploitation could lead to information disclosure, privilege escalation, or remote code execution, posing a major risk to affected systems. Drupal’s security team classified the flaw as "highly critical" before releasing patches, confirming that exploitation attempts had already been detected. Security monitoring group Shadowserver has identified 670 unpatched Drupal installations exposed online, with the majority located in North America (272) and Europe (273). CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on Friday, mandating Federal Civilian Executive Branch (FCEB) agencies to remediate the issue under Binding Operational Directive (BOD) 22-01. While the directive applies only to federal agencies, CISA has urged all organizations, including private sector entities, to prioritize patching to mitigate risks. The agency emphasized that such vulnerabilities are frequent attack vectors for malicious actors and pose significant threats to enterprise security. Drupal is widely used by government agencies, educational institutions, research universities, and large enterprises, making this flaw particularly concerning. Over the past several years, CISA has flagged five Drupal vulnerabilities exploited in the wild, with two linked to ransomware attacks. Organizations are advised to apply vendor-provided patches or discontinue use of unpatched systems if mitigations are unavailable.
INCIDENT DETAILS -
TYPE
SQL Injection
IMPACT
Data Compromised: Information disclosureSystems Affected: PostgreSQL-powered Drupal installationsOperational Impact: Privilege escalation, remote code execution
DATA BREACH
Type Of Data Compromised: Sensitive information (unspecified)Sensitivity Of Data: High
APRIL 2026
751Before Incident
MARCH 2026
751Before Incident
FEBRUARY 2026
751Before Incident
JANUARY 2026
751Before Incident
DECEMBER 2025
751Before Incident
NOVEMBER 2025
751Before Incident
OCTOBER 2025
751Before Incident
SEPTEMBER 2025
751Before Incident
AUGUST 2025
751Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for DST ?
?
What was DST's A.I Rankiteo Cyber Score in June 2026 ?
?
What was DST's A.I Rankiteo Cyber Score in May 2026 ?
?
What was DST's A.I Rankiteo Cyber Score in April 2026 ?
?
What was DST's A.I Rankiteo Cyber Score in March 2026 ?
?
What was DST's A.I Rankiteo Cyber Score in February 2026 ?
?
What was DST's A.I Rankiteo Cyber Score in January 2026 ?
?
What was DST's A.I Rankiteo Cyber Score in December 2025 ?
?
What was DST's A.I Rankiteo Cyber Score in November 2025 ?
?
What was DST's A.I Rankiteo Cyber Score in October 2025 ?
?
What was DST's A.I Rankiteo Cyber Score in September 2025 ?
?
What was DST's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on DST's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with DST ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view DST's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?