CVE-2026-13235

Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3.

Credits

AKHIL BABU (akhil babu)
Kuniyoshi Noguchi (kuninogu)
Artem Dmitriiev (a.dmitriiev)
Marcus Johansson (marcus_johansson)
Dezső Biczó (mxr576)
Valery Lourie (valthebald)
Bram Driesen (bramdriesen)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)

References