Server-Side Request Forgery Vulnerability in Drupal OpenAI Provider
CVE-2026-13233

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-13233?

A Server-Side Request Forgery (SSRF) vulnerability exists in the Drupal OpenAI Provider, enabling attackers to manipulate server-side requests. This weakness can expose internal services and sensitive data, creating significant security risks. The affected versions span from 0.0.0 to 1.1.1 and 1.2.0 to 1.2.2, emphasizing the need for prompt updates to mitigate potential exploits.

Affected Version(s)

OpenAI Provider 0.0.0 < 1.1.1

OpenAI Provider 1.2.0 < 1.2.2

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kuniyoshi Noguchi (kuninogu)
Artem Dmitriiev (a.dmitriiev)
Kuniyoshi Noguchi (kuninogu)
Marcus Johansson (marcus_johansson)
Bram Driesen (bramdriesen)
Greg Knaddison (greggles)
.