{"data":{"id":"211da7a8-4617-4d3b-9515-a6f0e5081616","title":"CVE-2026-13236: Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions:","summary":"CVE-2026-13236 is a missing authorization vulnerability (a flaw where the software fails to check if a user has permission to access something) in Drupal AI Agents that allows forceful browsing, which means attackers can access restricted pages or data by guessing URLs. This affects versions 0.0.0 to 1.1.4, 1.2.0 to 1.2.5, and 1.3.0 to 1.3.1.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-13236","publishedAt":"2026-07-10T22:16:39.700Z","cveId":"CVE-2026-13236","cweIds":["CWE-862"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Drupal AI Agents"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-10T22:16:39.700Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}