CVE-2026-13236

Summary

Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.

Affected Software

VendorProductVersion RangeStatus
DrupalAI Agents0.0.0 < 1.1.4affected
DrupalAI Agents1.2.0 < 1.2.5affected
DrupalAI Agents1.3.0 < 1.3.1affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

References