Cross-Site Scripting Vulnerability in Drupal AI
CVE-2026-13234

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-13234?

A vulnerability exists in Drupal AI that allows an attacker to exploit improper input handling during web page generation, leading to Cross-Site Scripting (XSS) attacks. This can enable unauthorized access to user data or facilitate phishing attacks, compromising the security of the affected applications. All versions between 0.0.0 and 1.4.3 are susceptible to this vulnerability.

Affected Version(s)

AI (Artificial Intelligence) 0.0.0 < 1.2.17

AI (Artificial Intelligence) 1.3.0 < 1.3.8

AI (Artificial Intelligence) 1.4.0 < 1.4.3

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Drew Webber (mcdruid)
Artem Dmitriiev (a.dmitriiev)
Abhisek Mazumdar (abhisekmazumdar)
AKHIL BABU (akhil babu)
Marcus Johansson (marcus_johansson)
Bram Driesen (bramdriesen)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
.