PT-2026-52168 · Drupal+1 · Ai+1

Akhil Babu

+9

·

Published

2026-06-24

·

Updated

2026-07-10

·

CVE-2026-13235

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3
Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack correct access validation, and some core actions are missing associated access-level definitions. This allows an agent to utilize Drupal core actions tools by bypassing access controls, provided the attacker can communicate with the affected agent and the site is configured to expose these tools to non-privileged users.
Recommendations Update Drupal AI versions 0.0.0 through 1.2.17 to a version newer than 1.2.17. Update Drupal AI versions 1.3.0 through 1.3.8 to a version newer than 1.3.8. Update Drupal AI versions 1.4.0 through 1.4.3 to a version newer than 1.4.3.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-13235
DRUPAL-CONTRIB-2026-055

Affected Products

Ai
Drupal Ai