The Cybersecurity and Infrastructure Security Agency has added a SQL injection vulnerability in Drupal Core to its Known Exploited Vulnerabilities catalog, indicating the flaw is being actively exploited in the wild. This addition signals that threat actors are successfully targeting the weakness to compromise Drupal-based websites. Organizations running Drupal are urged to apply security patches immediately to protect their systems from potential attacks.