CVE-2026-0598

Name of the Vulnerable Software and Affected Versions Ansible Lightspeed (affected versions not specified)

Description The Ansible Lightspeed API conversation endpoints, which manage AI chat interactions, do not adequately confirm if a conversation identifier corresponds to the authenticated user. This allows an attacker with valid credentials to access or modify conversations belonging to other users, potentially exposing sensitive data and enabling unauthorized manipulation of AI-generated outputs. The affected API endpoints are conversation endpoints. The vulnerable parameter is the conversation identifier.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.