CVE-2026-13237

Summary

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.

Affected Software

VendorProductVersion RangeStatus
DrupalAI Agents0.0.0 < 1.1.4affected
DrupalAI Agents1.2.0 < 1.2.5affected
DrupalAI Agents1.3.0 < 1.3.1affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

References