{"data":{"id":"3f5a93ef-11ea-44c5-99fe-4ed4ae7620ff","title":"CVE-2026-13237: Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents version","summary":"CVE-2026-13237 is an incorrect authorization vulnerability (a flaw where the system fails to properly check if a user has permission to access something) in Drupal AI Agents that allows forceful browsing (accessing restricted pages by guessing or modifying URLs). The vulnerability affects multiple versions of AI Agents, including versions 0.0.0 to 1.1.4, 1.2.0 to 1.2.5, and 1.3.0 to 1.3.1.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-13237","publishedAt":"2026-07-10T22:16:39.797Z","cveId":"CVE-2026-13237","cweIds":["CWE-863"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Drupal AI Agents"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-10T22:16:39.797Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}