PT-2026-30571 · Assafelovic · Assafelovic Gpt-Researcher
Yu-Bao
·
Published
2026-04-06
·
Updated
2026-04-06
·
CVE-2026-5632
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
gpt-researcher versions up to 3.4.3
Description
gpt-researcher is affected by a missing authentication issue in the HTTP REST API Endpoint. A manipulation of an unknown function within the component allows for bypassing authentication. This can be initiated remotely. A public exploit is available, and the vendor has not responded to reports of the issue.
Recommendations
Versions prior to 3.4.4 are recommended.
Exploit
Fix
Missing Authentication
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Assafelovic Gpt-Researcher