Drupal AI Missing Auth v1.4.3 Forceful Browse (CVE-2026-13235)
CVE-2026-13235 Published on July 10, 2026
AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055
Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-13235 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-13235
Want to know whenever a new CVE is published for Drupal Artificial Intelligence? stack.watch will email you.
Affected Versions
Drupal AI (Artificial Intelligence):- Version 0.0.0 and below 1.2.17 is affected.
- Version 1.3.0 and below 1.3.8 is affected.
- Version 1.4.0 and below 1.4.3 is affected.