Incorrect Authorization Vulnerability in Drupal AI Agents
CVE-2026-13237

Currently unrated

Key Information:

Vendor

Drupal

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-13237?

An authorization flaw exists in the Drupal AI Agents that can lead to forceful browsing. This vulnerability affects multiple versions of AI Agents, allowing users to gain unauthorized access to resources that should be restricted. Affected users should update their installations to mitigate potential risks. For more details, see the official Drupal advisory.

Affected Version(s)

AI Agents 0.0.0 < 1.1.4

AI Agents 1.2.0 < 1.2.5

AI Agents 1.3.0 < 1.3.1

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrew Belcher (andrewbelcher)
Rob Edwards (rob_e)
Andrew Belcher (andrewbelcher)
Marcus Johansson (marcus_johansson)
Rob Edwards (rob_e)
Bram Driesen (bramdriesen)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
.