Project: 
Date: 
2026-June-24
Vulnerability: 
Information disclosure, Access bypass
Affected versions: 
<1.1.4 || >=1.2.0 <1.2.5 || >=1.3.0 <1.3.1
CVE IDs: 
CVE-2026-13237
Description: 

This module provides the entity type and runtime for Drupal AI Agents, enabling agents to use tools.

Under certain circumstances, the agent inherits deterministic parameters when invoking the same tool in one request, which can lead to information disclosure.

Solution: 

Install the latest version:

Coordinated By: