Missing Authorization in Drupal AI Affects Multiple Versions
CVE-2026-13235
Currently unrated
What is CVE-2026-13235?
A vulnerability in Drupal AI allows unauthorized users to access restricted content through forceful browsing. The issue stems from a lack of proper authorization checks, enabling individuals to bypass security controls and view or manipulate data without appropriate permissions. This affects various versions of the product, highlighting the need for immediate updates to mitigate potential risks.
Affected Version(s)
AI (Artificial Intelligence) 0.0.0 < 1.2.17
AI (Artificial Intelligence) 1.3.0 < 1.3.8
AI (Artificial Intelligence) 1.4.0 < 1.4.3
References
Timeline
Vulnerability published
Vulnerability Reserved
Credit
AKHIL BABU (akhil babu)
Kuniyoshi Noguchi (kuninogu)
Artem Dmitriiev (a.dmitriiev)
Marcus Johansson (marcus_johansson)
DezsŠBiczó (mxr576)
Valery Lourie (valthebald)
Bram Driesen (bramdriesen)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
