CVE-2026-36719

Published: Jun 9, 2026Modified: Jun 10, 2026Deferred

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-3

Source: cve@mitre.org

https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-3

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.