PT-2026-28641 · Unknown · Hijiffy Chatbot

Published 2026-03-26 · Updated 2026-03-26 · CVE-2026-4263

CVSS v4.0: 6.9 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: HiJiffy Chatbot (affected versions not specified)

Description: An incorrect authorization issue in HiJiffy Chatbot allows an attacker to download private messages belonging to other users. The attack exploits the visitor parameter of the '/api/v1/webchat/message' API endpoint, which allows unauthorized access to messages.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2026-4263

Affected Products: Hijiffy Chatbot