๐Ÿ” CVE Alert

CVE-2026-13233

LOW 3.3

OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053

CVSS Score
3.3
EPSS Score
0.1%
EPSS Percentile
4th

Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2.

CWE CWE-918
Vendor drupal
Product openai provider
Ecosystems
Industries
WebMedia
Published Jul 10, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for drupal openai provider

Be the first to know when new low vulnerabilities affecting drupal openai provider are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Drupal / OpenAI Provider
0.0.0 < 1.1.1 1.2.0 < 1.2.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
drupal.org: https://www.drupal.org/sa-contrib-2026-053

Credits

Kuniyoshi Noguchi (kuninogu) Artem Dmitriiev (a.dmitriiev) Kuniyoshi Noguchi (kuninogu) Marcus Johansson (marcus_johansson) Bram Driesen (bramdriesen) Greg Knaddison (greggles)