Description
Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.
Problem types
Product status
1.2.0 (semver) before 1.2.5
1.3.0 (semver) before 1.3.1
Credits
Kuniyoshi Noguchi (kuninogu)
Artem Dmitriiev (a.dmitriiev)
AKHIL BABU (akhil babu)
harivansh sharma (harivansh)
Kuniyoshi Noguchi (kuninogu)
Marcus Johansson (marcus_johansson)
Bram Driesen (bramdriesen)
References
www.drupal.org/sa-contrib-2026-056