PT-2026-60488 · Microsoft · Simplechat
CVE-2026-57206
·
Publicado
2026-07-16
·
Atualizado
2026-07-16
CVSS v3.1
8.6
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |
SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.206, several plugin validation routes in application/single app/plugin validation endpoint.py, including
POST /api/admin/plugins/test-instantiation, GET /api/admin/plugins/health-check/<plugin name>, POST /api/admin/plugins/repair/<plugin name>, and POST /api/plugins/validate, relied on @swagger route(security=get auth security()) documentation without enforcing @login required, @user required, or @admin required at runtime, allowing unauthenticated or unauthorized clients to invoke plugin validation, health, and repair behavior. This issue is fixed in version 0.241.206.Correção
Missing Authentication
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Simplechat