PT-2026-52169 · Drupal+1 · Ai Agents+1

Akhil Babu

+5

·

Published

2026-06-24

·

Updated

2026-07-10

·

CVE-2026-13236

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Drupal AI Agents versions 0.0.0 through 1.1.4 Drupal AI Agents versions 1.2.0 through 1.2.5 Drupal AI Agents versions 1.3.0 through 1.3.1
Description Missing authorization allows forceful browsing within the module that provides the entity type and runtime for agents to use tools. The issue occurs because the module does not sufficiently check required permissions when a tool loads content entities. Exploitation requires that an agent be configured to use the affected tool and that the attacker has access to that agent.
Recommendations Update Drupal AI Agents versions 0.0.0 through 1.1.4 to a version newer than 1.1.4. Update Drupal AI Agents versions 1.2.0 through 1.2.5 to a version newer than 1.2.5. Update Drupal AI Agents versions 1.3.0 through 1.3.1 to a version newer than 1.3.1.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-13236
DRUPAL-CONTRIB-2026-056

Affected Products

Ai Agents
Drupal/Ai Agents