PT-2026-60488 · Microsoft · Simplechat

CVE-2026-57206

·

Publicado

2026-07-16

·

Atualizado

2026-07-16

CVSS v3.1

8.6

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.206, several plugin validation routes in application/single app/plugin validation endpoint.py, including POST /api/admin/plugins/test-instantiation, GET /api/admin/plugins/health-check/<plugin name>, POST /api/admin/plugins/repair/<plugin name>, and POST /api/plugins/validate, relied on @swagger route(security=get auth security()) documentation without enforcing @login required, @user required, or @admin required at runtime, allowing unauthenticated or unauthorized clients to invoke plugin validation, health, and repair behavior. This issue is fixed in version 0.241.206.

Correção

Missing Authentication

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-57206

Produtos afetados

Simplechat