PT-2026-3503 · Crawlchat

Egelhaus · Published 2026-01-19 · Updated 2026-02-05

CVE-2026-23875 · CVSS v4.0 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: CrawlChat versions prior to 0.0.8

Description: CrawlChat is a platform that converts technical documentation into intelligent chatbots. Before version 0.0.8, a missing permission check in the Discord bot component allowed users without administrative privileges to add malicious content to the knowledge base. Specifically, the absence of a check for permissions such as MANAGE SERVER or MANAGE MESSAGES allowed regular users to add information to the knowledge base using the jigsaw emoji reaction. This could be exploited to manipulate the bot's responses, potentially redirecting users to malicious sites or sending information to unauthorized individuals. The affected functionality is the addition of information to the collection's knowledge base.

Recommendations: Update CrawlChat to version 0.0.8 or later.
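As an added illustration (not CrawlChat's own code, which the advisory does not show), the following models a reaction-to-knowledge-base handler with and without the permission gate the advisory describes, using Discord's documented permission bit positions; the user names, permission values and message text are constructed.

```javascript
// Added model of the check described in the advisory; not CrawlChat's code.
// Discord permission flags, as documented in the Discord API (bit positions).
const PERMISSIONS = {
  ADMINISTRATOR: 1n << 3n,   // implies every other permission
  MANAGE_GUILD: 1n << 5n,    // shown as "Manage Server" in the Discord client
  MANAGE_MESSAGES: 1n << 13n,
};
const INGEST_EMOJI = '🧩'; // the jigsaw reaction named in the advisory
const INGEST_PERMISSIONS = [PERMISSIONS.MANAGE_GUILD, PERMISSIONS.MANAGE_MESSAGES];

// Discord transmits a member's permissions as a decimal string bitfield.
function hasAnyPermission(permissionString, required) {
  const bits = BigInt(permissionString);
  if ((bits & PERMISSIONS.ADMINISTRATOR) !== 0n) return true;
  return required.some((flag) => (bits & flag) !== 0n);
}

// Vulnerable shape (pre-0.0.8 behaviour per the advisory): the emoji is the only
// gate, so any guild member can push message text into the knowledge base.
function handleReactionUnchecked(knowledgeBase, event) {
  if (event.emoji !== INGEST_EMOJI) return false;
  knowledgeBase.push(event.messageContent);
  return true;
}

// Fixed shape: the reacting member must hold Manage Server or Manage Messages
// (or Administrator) before anything is ingested.
function handleReactionChecked(knowledgeBase, event) {
  if (event.emoji !== INGEST_EMOJI) return false;
  if (!hasAnyPermission(event.memberPermissions, INGEST_PERMISSIONS)) return false;
  knowledgeBase.push(event.messageContent);
  return true;
}

// Constructed sample events (hypothetical users and permission values).
const SAMPLE_EVENTS = [
  { user: 'regular-member', memberPermissions: '3072', emoji: '🧩',
    messageContent: 'Support has moved to example.invalid' }, // VIEW_CHANNEL | SEND_MESSAGES
  { user: 'moderator', memberPermissions: '8192', emoji: '🧩',
    messageContent: 'Release notes for v2.1' },               // MANAGE_MESSAGES
  { user: 'regular-member', memberPermissions: '3072', emoji: '👍',
    messageContent: 'not an ingest reaction' },
];

// Run one handler over the samples and return what it would have ingested.
function ingestedBy(handler) {
  const knowledgeBase = [];
  for (const event of SAMPLE_EVENTS) handler(knowledgeBase, event);
  return knowledgeBase;
}
```

With the unchecked handler the regular member's text lands in the knowledge base; with the check only the moderator's reaction is ingested.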

Weakness Enumeration: Missing Authorization

Related Identifiers

CVE-2026-23875
GHSA-F484-62P4-6W4P

Affected Products

Crawlchat
Discord