Intel

AIKIDO-2026-794147

drupal/paragraphs is vulnerable to Access Bypass

Access BypassCVE-2026-13241 Published Jun 25, 2026

50

Medium Risk

This Affects:

PHPdrupal/paragraphs
0.0.1 - 1.20.0
Fixed in 1.21.0
Are you affected? Scan for Free

TL;DR

The Drupal Paragraphs Library module does not properly restrict access to direct child paragraphs of library items through API endpoints, allowing unauthorized access. This issue only affects sites using the paragraphs_library module where another module grants general write access to paragraphs.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

drupal/paragraphs is vulnerable to Access Bypass in versions 0.0.1 - 1.20.0.

How to fix this

Upgrade the drupal/paragraphs library to the patch version.