PT-2026-52174 · Drupal+1 · Paragraphs+1
Greg Knaddison
+3
·
Published
2026-06-24
·
Updated
2026-07-10
·
CVE-2026-13241
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Drupal Paragraphs versions 0.0.0 through 1.21.0
Description
A missing authorization issue in the Paragraphs Library module allows forceful browsing. The module fails to sufficiently restrict access to direct child paragraphs of library items through API endpoints. This issue is mitigated if the
paragraphs library module is not in use or if general write access to paragraphs via other modules is restricted.Recommendations
Update Drupal Paragraphs to a version later than 1.21.0.
As a temporary mitigation, disable the
paragraphs library module.Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Paragraphs
Drupal Paragraphs