Missing Authorization in Drupal AI Affects Multiple Versions
CVE-2026-13235

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-13235?

A vulnerability in Drupal AI allows unauthorized users to access restricted content through forceful browsing. The issue stems from a lack of proper authorization checks, enabling individuals to bypass security controls and view or manipulate data without appropriate permissions. This affects various versions of the product, highlighting the need for immediate updates to mitigate potential risks.

Affected Version(s)

AI (Artificial Intelligence) 0.0.0 < 1.2.17

AI (Artificial Intelligence) 1.3.0 < 1.3.8

AI (Artificial Intelligence) 1.4.0 < 1.4.3

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

AKHIL BABU (akhil babu)
Kuniyoshi Noguchi (kuninogu)
Artem Dmitriiev (a.dmitriiev)
Marcus Johansson (marcus_johansson)
Dezső Biczó (mxr576)
Valery Lourie (valthebald)
Bram Driesen (bramdriesen)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
.