Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.CreditsAndrew Belcher (andrewbelcher)Rob Edwards (rob_e)Andrew Belcher (andrewbelcher)Marcus Johansson (marcus_johansson)Rob Edwards (rob_e)Bram Driesen (bramdriesen)Greg Knaddison (greggles)Drew Webber (mcdruid)Juraj Nemec (poker10)Referenceshttps://www.drupal.org/sa-contrib-2026-057