Description
Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.
Problem types
CWE-863 Incorrect Authorization
Product status
1.2.0 (semver) before 1.2.5
1.3.0 (semver) before 1.3.1
Credits
Andrew Belcher (andrewbelcher)
Rob Edwards (rob_e)
Andrew Belcher (andrewbelcher)
Marcus Johansson (marcus_johansson)
Rob Edwards (rob_e)
Bram Driesen (bramdriesen)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
References
www.drupal.org/sa-contrib-2026-057