Skip to main content

AI Assist for Customer CVE-2026-57476

| EUVDEUVD-2026-42976 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-07-10 cisa-cg GHSA-85qw-gwgm-xj6w
6.3
CVSS 4.0 · Vendor: cisa-cg
Share

Severity by source

Vendor (cisa-cg) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.8 MEDIUM

AV:N as endpoints are network-reachable; AC:H because specific undocumented parameter knowledge is required; C:L/I:L for partial corpus read and injection; no availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (cisa-cg).

CVSS VectorVendor: cisa-cg

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 10, 2026 - 19:01 EUVD
CVSS changed
Jul 10, 2026 - 18:22 NVD
4.8 (MEDIUM) 6.3 (MEDIUM)
Analysis Generated
Jul 10, 2026 - 18:21 vuln.today

DescriptionCVE.org

Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.

AnalysisAI

Unauthenticated API endpoints in Deloitte AI Assist for Customer exposed the platform's retrieval-augmented generation corpus to unauthorized read access and content injection by any network-reachable attacker who could discover the required request parameters. The root cause is missing authentication on critical internal API functions (CWE-306), enabling adversaries to exfiltrate proprietary knowledge base content or poison AI-generated responses with injected documents. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify network-accessible RAG API endpoint
Delivery
Enumerate required undocumented request parameters via reconnaissance
Exploit
Send unauthenticated HTTP request with valid parameters
Execution
Read from or inject content into RAG corpus
Impact
AI model serves attacker-influenced responses to end users

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to know or independently enumerate the specific additional parameters required by the RAG corpus API endpoints - the CVSS AC:H rating directly reflects this non-trivial prerequisite, and it is explicitly stated in the CVE description ('attacker with knowledge of additional parameters'). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 4.8 (Medium) reflects a network-reachable (AV:N), unauthenticated (PR:N) vulnerability requiring no user interaction (UI:N), but the AC:H modifier captures the most meaningful practical barrier: an attacker must independently discover the specific undocumented parameter structure of the API endpoints, substantially limiting opportunistic or automated exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with prior knowledge of the API endpoint structure - obtained through traffic interception, documentation review, or targeted reconnaissance against a customer deployment - sends unauthenticated HTTP requests with the required parameters to the RAG corpus API over the network. Successful exploitation allows the attacker to extract indexed enterprise documents from the knowledge base or inject fabricated content that the AI model will subsequently surface as authoritative to end users querying the platform. …
Remediation The vendor applied a server-side fix on 2026-03-25 by restricting network access to the previously exposed RAG corpus API endpoints and enforcing authentication on all previously unauthenticated routes. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57476 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy