Improper access control in AI Agents - CVE-2026-13237
Published: June 25, 2026
AI Agents
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the agent inherits deterministic parameters when invoking the same tool in one request. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.