CVE-2026-57205 in SimpleChatinformação

Sumário

de MITRE • 16/07/2026

SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.203, the authenticated GET /api/user/info/<user_id> and GET /api/user/profile-image/<user_id> endpoints in application/single_app/route_backend_users.py accepted a caller-supplied user_id and read the matching Cosmos DB user-settings document without object-level authorization, allowing a low-privilege authenticated user to retrieve another user's email address, display name, and profile image. This issue is fixed in version 0.241.203.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsável

GitHub M

Reservar

24/06/2026

Divulgação

16/07/2026

Moderação

aceite

Entrada

VDB-379547

CPE

pronto

EPSS

0.00000

KEV

não

Atividades

baixo

Fontes

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!