CVE-2026-13237: Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents version
Summary
CVE-2026-13237 is an incorrect authorization vulnerability (a flaw where the system fails to properly check if a user has permission to access something) in Drupal AI Agents that allows forceful browsing (accessing restricted pages by guessing or modifying URLs). The vulnerability affects multiple versions of AI Agents, including versions 0.0.0 to 1.1.4, 1.2.0 to 1.2.5, and 1.3.0 to 1.3.1.
Vulnerability Details
EPSS: 0.0%
July 10, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-13237
First tracked: July 10, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 75%