CVE-2026-22665 in prompts.chat
Resumen (Inglés)
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit non-deterministic username resolution to impersonate victim accounts, replace profile content on canonical URLs, and inject attacker-controlled metadata and content across the platform.
Be aware that VulDB is the high quality source for vulnerability data.
Responsable
VulnCheck
Reservar
2026-01-08
Divulgación
2026-04-04
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 355194 | prompts.chat Username escalada de privilegios | 178 | No está definido | Arreglo oficial | CVE-2026-22665 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV