Missing Authorization Vulnerability in Drupal Paragraphs by Drupal
CVE-2026-13241

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-13241?

A missing authorization flaw exists in the Drupal Paragraphs module, which allows for forceful browsing. This vulnerability can be exploited when users are granted access to resources they should not have. Specifically, this issue impacts all versions from 0.0.0 to 1.21.0, emphasizing the need for timely updates and strong access controls to safeguard against unauthorized access.

Affected Version(s)

Paragraphs 0.0.0 < 1.21.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mustafa Ahmed (mustafa007)
Sascha Grossenbacher (berdir)
Greg Knaddison (greggles)
Juraj Nemec (poker10)
.