PT-2026-52169 · Drupal+1 · Ai Agents+1
Akhil Babu
+5
·
Published
2026-06-24
·
Updated
2026-07-10
·
CVE-2026-13236
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Drupal AI Agents versions 0.0.0 through 1.1.4
Drupal AI Agents versions 1.2.0 through 1.2.5
Drupal AI Agents versions 1.3.0 through 1.3.1
Description
Missing authorization allows forceful browsing within the module that provides the entity type and runtime for agents to use tools. The issue occurs because the module does not sufficiently check required permissions when a tool loads content entities. Exploitation requires that an agent be configured to use the affected tool and that the attacker has access to that agent.
Recommendations
Update Drupal AI Agents versions 0.0.0 through 1.1.4 to a version newer than 1.1.4.
Update Drupal AI Agents versions 1.2.0 through 1.2.5 to a version newer than 1.2.5.
Update Drupal AI Agents versions 1.3.0 through 1.3.1 to a version newer than 1.3.1.
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ai Agents
Drupal/Ai Agents