PT-2026-52168 · Drupal+1 · Ai+1
Akhil Babu
+9
·
Published
2026-06-24
·
Updated
2026-07-10
·
CVE-2026-13235
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Drupal AI versions 0.0.0 through 1.2.17
Drupal AI versions 1.3.0 through 1.3.8
Drupal AI versions 1.4.0 through 1.4.3
Description
A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack correct access validation, and some core actions are missing associated access-level definitions. This allows an agent to utilize Drupal core actions tools by bypassing access controls, provided the attacker can communicate with the affected agent and the site is configured to expose these tools to non-privileged users.
Recommendations
Update Drupal AI versions 0.0.0 through 1.2.17 to a version newer than 1.2.17.
Update Drupal AI versions 1.3.0 through 1.3.8 to a version newer than 1.3.8.
Update Drupal AI versions 1.4.0 through 1.4.3 to a version newer than 1.4.3.
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ai
Drupal Ai