CVE-2026-57476
Deloitte AI Assist for Customer unauthenticated RAG corpus read and write
Vexday Risk Score
10Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.3EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
10 jul 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Deloitte · AI Assist for CustomerReferências
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.jsonhttps://www.cve.org/CVERecord?id=CVE-2026-57474https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdfhttps://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/