← voltar
CVE-2026-57476

Deloitte AI Assist for Customer unauthenticated RAG corpus read and write

CVSS 6.3 MEDIUMCWE-306
Vexday Risk Score
10Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.3EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 jul 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N