Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.CreditsKuniyoshi Noguchi (kuninogu)Artem Dmitriiev (a.dmitriiev)AKHIL BABU (akhil babu)harivansh sharma (harivansh)Kuniyoshi Noguchi (kuninogu)Marcus Johansson (marcus_johansson)Bram Driesen (bramdriesen)Referenceshttps://www.drupal.org/sa-contrib-2026-056