EUVD-2026-19188CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Analysis
Missing authentication in gpt-researcher HTTP REST API (versions ≤3.4.3) allows remote attackers to bypass access controls and interact with the API without credentials. Publicly available exploit code exists (GitHub issue #1695), enabling unauthorized information disclosure, data manipulation, and service disruption. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of gpt-researcher ≤3.4.3 in production and development environments using asset inventory tools; isolate affected systems to internal-only network access via firewall rules. Within 7 days: Implement network segmentation and API gateway authentication (reverse proxy with credential requirement) in front of affected instances; monitor API logs for unauthorized access patterns. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today