Intel

AIKIDO-2026-565022

drupal/ai_agents is vulnerable to Information Disclosure

Information DisclosureCVE-2026-13237 Published Jun 25, 2026

50

Medium Risk

This Affects:

PHPdrupal/ai_agents
0.0.1 - 1.1.3
Fixed in 1.1.4
1.2.0 - 1.2.4
Fixed in 1.2.5
1.3.0 - 1.3.0
Fixed in 1.3.1
Are you affected? Scan for Free

TL;DR

The Drupal AI Agents module may disclose information because agents can inherit deterministic parameters when invoking the same tool multiple times within a single request, causing unintended parameter reuse under certain circumstances.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

drupal/ai_agents is vulnerable to Information Disclosure in versions 0.0.1 - 1.1.3, 1.2.0 - 1.2.4 and 1.3.0 - 1.3.0.

How to fix this

Upgrade the drupal/ai_agents library to the patch version.