CVE-2026-4262

Name of the Vulnerable Software and Affected Versions HiJiffy Chatbot (affected versions not specified)

Description An incorrect authorization issue exists in HiJiffy Chatbot. This allows an attacker to download private messages belonging to other users. The issue is due to improper access control when handling requests to the /api/v1/download/<ID> API endpoint. Specifically, the ID parameter is vulnerable and can be manipulated to access unauthorized data.

Recommendations Restrict access to the /api/v1/download/<ID> API endpoint. Ensure proper authorization checks are implemented before allowing access to user messages based on the ID parameter.