CVE-2026-4400

Name of the Vulnerable Software and Affected Versions 1millionbot Millie chat (affected versions not specified)

Description An Insecure Direct Object Reference (IDOR) issue exists in the 1millionbot Millie chat application. This allows unauthorized access to private conversations of other users by manipulating the conversation ID. Exploitation of this issue occurs through the API endpoint 'api.1millionbot.com/api/public/conversations/'. An attacker can access sensitive or confidential data without needing credentials or to impersonate other users. The attacker requires the user's conversation ID to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.