PT-2026-30571 · Assafelovic · Assafelovic Gpt-Researcher
Yu-Bao · Published 2026-04-06 · Updated 2026-04-06
CVE-2026-5632
CVSS v2.0: 7.5 High | AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
assafelovic gpt-researcher versions up to 3.4.3
Description
A flaw exists in the HTTP REST API Endpoint component of assafelovic gpt-researcher. Manipulation of this endpoint results in missing authentication, allowing for remote exploitation. The exploit is publicly available. The project maintainers were notified but have not yet responded.
Recommendations
For versions prior to 3.4.3, restrict access to the affected HTTP REST API Endpoint.
Exploit
Fix
Improper Authentication
Missing Authentication
Related Identifiers
Affected Products
Assafelovic Gpt-Researcher