CVE-2026-4400

EUVD-2026-17359
Severity: HIGH (7.0, CVSS 4.0)
Published: 2026-03-31
Source: INCIBE

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

EUVD ID Assigned: Mar 31, 2026 - 10:45 (euvd), EUVD-2026-17359
Analysis Generated: Mar 31, 2026 - 10:45 (vuln.today)
CVE Published: Mar 31, 2026 - 10:12 (nvd), HIGH 7.0

Description

Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows other users' private conversations to be viewed simply by changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, could allow a remote attacker to access other users' private chatbot conversations, revealing sensitive or confidential data without requiring credentials or impersonating users. To exploit the vulnerability, the attacker must have the user's conversation ID.

Analysis

Insecure Direct Object Reference (IDOR) in 1millionbot Millie chat allows unauthenticated remote attackers to access other users' private chatbot conversations by manipulating conversation IDs in API requests to 'api.1millionbot.com/api/public/conversations/'. An attacker with knowledge of a target conversation ID can retrieve sensitive or confidential data without authentication. …


Priority Score

35
KEV: 0
EPSS: +0.2
CVSS: +35
POC: 0
