Missing Authorization Vulnerability in Drupal AI Agents
CVE-2026-13236

Currently unrated

Key Information:

Vendor

Drupal

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-13236?

A missing authorization vulnerability in Drupal AI Agents allows attackers to engage in forceful browsing, potentially accessing unauthorized areas of the application. This affects multiple versions, revealing a critical oversight in access control mechanisms, making it essential for users to review their security configurations.

Affected Version(s)

AI Agents 0.0.0 < 1.1.4

AI Agents 1.2.0 < 1.2.5

AI Agents 1.3.0 < 1.3.1

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kuniyoshi Noguchi (kuninogu)
Artem Dmitriiev (a.dmitriiev)
AKHIL BABU (akhil babu)
harivansh sharma (harivansh)
Kuniyoshi Noguchi (kuninogu)
Marcus Johansson (marcus_johansson)
Bram Driesen (bramdriesen)
.