CVE-2026-4400 in 1millionbot Millie Chatbotinformación

Resumen (Inglés)

Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, could allow a remote attacker to access other users private chatbot conversations, revealing sensitive or confidential data without requiring credentials or impersonating users. In order for the vulnerability to be exploited, the attacker must have the user's conversation ID.

Responsable

INCIBE

Reservar

2026-03-18

Divulgación

2026-03-31

Voces

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidad	CWE	Exp	Con	CVE
354359	1millionbot Millie Chatbot conversations escalada de privilegios	639	No está definido	No está definido	CVE-2026-4400

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!