PT-2026-23894 · Shy2593666979 · Agentchat
Vuldb · Published 2026-03-08 · Updated 2026-03-13 · CVE-2026-3693
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Shy2593666979 AgentChat versions prior to 2.3.1
Description
A flaw exists in Shy2593666979 AgentChat related to improper control of resource identifiers. The issue resides within the get user info/update user info function located in the /src/backend/agentchat/api/v1/user.py file of the User Endpoint component. Manipulation of the user id argument can trigger the issue, and the attack can be initiated remotely. The exploit for this issue has been published.
Recommendations
Update Shy2593666979 AgentChat to version 2.3.1 or later.
Affected Products
Agentchat