CVE-2026-13236: Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions:
Summary
CVE-2026-13236 is a missing authorization vulnerability (a flaw where the software fails to check if a user has permission to access something) in Drupal AI Agents that allows forceful browsing, which means attackers can access restricted pages or data by guessing URLs. This affects versions 0.0.0 to 1.1.4, 1.2.0 to 1.2.5, and 1.3.0 to 1.3.1.
Vulnerability Details
EPSS: 0.0%
July 10, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-13236
First tracked: July 10, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 75%