Description
Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3.
Problem types
Product status
1.3.0 (semver) before 1.3.8
1.4.0 (semver) before 1.4.3
Credits
AKHIL BABU (akhil babu)
Kuniyoshi Noguchi (kuninogu)
Artem Dmitriiev (a.dmitriiev)
Marcus Johansson (marcus_johansson)
DezsŠBiczó (mxr576)
Valery Lourie (valthebald)
Bram Driesen (bramdriesen)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
References
www.drupal.org/sa-contrib-2026-055