Improper access control in Paragraphs - CVE-2026-13241

 

Improper access control in Paragraphs - CVE-2026-13241

Published: June 25, 2026


Vulnerability identifier: #VU135144
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-13241
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: jeroen.b
Affected software:
Paragraphs

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected module does not sufficiently restrict access to direct child paragraphs of library items through API endpoints. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.


How to mitigate CVE-2026-13241

Install updates from vendor's website.

Sources