Crawlchat

1 CVEs product

Monthly

CVE-2026-23875 MEDIUM POC PATCH This Month

Improper permission validation in CrawlChat versions prior to 0.0.8 allows unauthenticated Discord guild members to inject malicious content into the bot's knowledge base through the jigsaw emoji feature, enabling attackers to manipulate chatbot responses across all integrations and redirect users to malicious sites. The vulnerability affects the AI/ML platform's ability to maintain knowledge base integrity, as normal users can bypass intended admin-only controls. Public exploit code exists for this issue, though a patch is available.

Authentication Bypass AI / ML Crawlchat
NVD GitHub
CVSS 3.1: 5.4
EPSS: 0.0%