CVE-2026-57476
Deloitte AI Assist for Customer unauthenticated RAG corpus read and write
Vexday Risk Score
10Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.3EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
10 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Deloitte · AI Assist for CustomerReferencias
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.jsonhttps://www.cve.org/CVERecord?id=CVE-2026-57474https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdfhttps://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/