DRUPAL-CONTRIB-2026-061

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/paragraphs/DRUPAL-CONTRIB-2026-061.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-061
Aliases
  • CVE-2026-13241
Published
2026-06-24T18:43:16Z
Modified
2026-06-24T19:15:05.478617964Z
Summary
[none]
Details

The optional Paragraphs Library module allows the reuse of paragraphs in multiple places.
The module doesn't sufficiently restrict access to direct child paragraphs of library items through API endpoints.
This vulnerability is mitigated by the fact the paragraphs_library module must be in use and general write access to paragraphs through another module must be allowed.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/paragraphs

Package

Name
drupal/paragraphs
Purl
pkg:composer/drupal%2Fparagraphs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.21.0
Database specific
{
    "constraint": "<1.21.0"
}

Database specific

affected_versions
"<1.21.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/paragraphs/DRUPAL-CONTRIB-2026-061.json"