Project: 
Date: 
2026-June-24
Vulnerability: 
Access bypass
Affected versions: 
<1.1.4 || >=1.2.0 <1.2.5 || >=1.3.0 <1.3.1
CVE IDs: 
CVE-2026-13236
Description: 

This module provides the entity type and runtime for Drupal AI Agents, enabling agents to use tools.

The module does not sufficiently check the required permissions when a tool loads content entities.

This vulnerability is mitigated by the fact that an agent must be configured to use the affected tool, and an attacker must have access to that agent.

Solution: 

Install the latest version:

Coordinated By: