DRUPAL-CONTRIB-2026-056
Details
This module provides the entity type and runtime for Drupal AI Agents, enabling agents to use tools.
The module does not sufficiently check the required permissions when a tool loads content entities.
This vulnerability is mitigated by the fact that an agent must be configured to use the affected tool, and an attacker must have access to that agent.
Affected packages
Packagist:https://packages.drupal.org/8 / drupal/ai_agents
Introduced in: 0
Fixed in: 1.1.4
Upgrade drupal/ai_agents to 1.1.4 or newer (ecosystem packagist:https://packages.drupal.org/8).