Improper access control in Paragraphs - CVE-2026-13241
Published: June 25, 2026
Paragraphs
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the affected module does not sufficiently restrict access to direct child paragraphs of library items through API endpoints. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.