๐Ÿ” CVE Alert

CVE-2026-13240

MEDIUM 6.5

Paragraphs - Less critical - Access bypass - SA-CONTRIB-2026-060

CVSS Score
6.5
EPSS Score
0.1%
EPSS Percentile
3th

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0.

CWE CWE-862
Vendor drupal
Product paragraphs
Ecosystems
Industries
WebMedia
Published Jul 10, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for drupal paragraphs

Be the first to know when new medium vulnerabilities affecting drupal paragraphs are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Drupal / Paragraphs
0.0.0 < 1.21.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
drupal.org: https://www.drupal.org/sa-contrib-2026-060

Credits

Pierre Rudloff (prudloff) Sascha Grossenbacher (berdir) Pierre Rudloff (prudloff) Greg Knaddison (greggles) Pierre Rudloff (prudloff)