Auth bypass in Drupal Ai (Artificial Intelligence)

CVE-2026-13235

Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3.

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References