CVE-2026-13236

Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.

Credits

Kuniyoshi Noguchi (kuninogu)
Artem Dmitriiev (a.dmitriiev)
AKHIL BABU (akhil babu)
harivansh sharma (harivansh)
Kuniyoshi Noguchi (kuninogu)
Marcus Johansson (marcus_johansson)
Bram Driesen (bramdriesen)

References