Improper access control in AI Agents - CVE-2026-13236
Published: June 25, 2026
AI Agents
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the affected module does not sufficiently check the required permissions when a tool loads content entities. A remote user can bypass implemented security restrictions and gain unauthorized access to sensitive information.