Home

Description

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0.

PUBLISHED Reserved 2026-06-24 | Published 2026-07-10 | Updated 2026-07-13 | Assigner drupal

Problem types

CWE-862 Missing Authorization

Product status

0.0.0 (semver) before 1.21.0
affected

Credits

Mustafa Ahmed (mustafa007) finder

Sascha Grossenbacher (berdir) remediation developer

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2026-061

cve.org (CVE-2026-13241)

nvd.nist.gov (CVE-2026-13241)

Download JSON