---
title: >-
  Added virtual patch for CVE-2026-9082 (Unauthenticated SQL Injection in
  Drupal)
summary: null
url: >-
  https://www.fastly.com/documentation/reference/changes/2026/05/added-virtual-patch-for-cve-2026--9082
---

An SQL injection vulnerability has been found in Drupal core for sites backed by PostgreSQL databases and has been assigned CVE-2026-9082. Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services, follow the steps for your control panel below.

## Next-Gen WAF control panel

### Professional or Premier platform

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. From the **Rules** menu, select **Templated Rules**.
4. In the search bar, enter `CVE-2026-9082` and then click **View** for the CVE-2026-9082 templated rule.
5. Click **Configure** and then **Add trigger**.
6. Select the **Block requests from an IP immediately if the CVE-2026-9082 signal is observed** checkbox.
7. Click **Update rule**.

### Essential platform

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. Click the **Signals** tab.
4. In the search bar, enter `CVE-2026-9082` and then click **View** for the CVE-2026-9082 tag.
5. Click the **Detections** tab and then **Add detection**.
6. Verify the switch is set to **Enabled**.
7. Click **Create detection**.
8. Click the **Alerts** tab and then **Add alert**.
9. In the **Status** area, set the switch to **Enabled**.
10. Click **Save alert**.

## Fastly control panel

1.   Log in to the [Fastly control panel](https://manage.fastly.com).

2.   Go to **Security** > **Next-Gen WAF** > [**Workspaces**](https://manage.fastly.com/security/ngwaf/workspaces).

3. Click **Virtual Patches**.
4. In the search bar, enter `CVE-2026-9082` and then click the pencil to the right of the CVE-2026-9082 virtual patch.
5. From the **Status** menu, select **Enabled**.
6. _(Optional)_ If your workspace is in blocking mode, choose whether to **Block requests** or **Log requests** if the CVE-2026-9082 signal is observed.
7. Click **Update virtual patch**.