CVE-2026-13233 PUBLISHED

OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053

Assigner: drupal
Reserved: 24.06.2026 Published: 10.07.2026 Updated: 10.07.2026

Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2.

Product Status

Vendor Drupal
Product OpenAI Provider
Versions
  • affected from 0.0.0 to 1.1.1 (excl.)
  • affected from 1.2.0 to 1.2.2 (excl.)

Credits

  • Kuniyoshi Noguchi (kuninogu) finder
  • Artem Dmitriiev (a.dmitriiev) remediation developer
  • Kuniyoshi Noguchi (kuninogu) remediation developer
  • Marcus Johansson (marcus_johansson) remediation developer
  • Bram Driesen (bramdriesen) coordinator
  • Greg Knaddison (greggles) coordinator

References

Problem Types

  • CWE-918 Server-Side Request Forgery (SSRF) CWE

Impacts

  • CAPEC-664 Server Side Request Forgery