Skip to main content

Millie Chat

2 CVEs product

Monthly

CVE-2026-4400 HIGH This Week

Insecure Direct Object Reference (IDOR) in 1millionbot Millie chat allows unauthenticated remote attackers to access other users' private chatbot conversations by manipulating conversation IDs in API requests to 'api.1millionbot.com/api/public/conversations/'. An attacker with knowledge of a target conversation ID can retrieve sensitive or confidential data without authentication. No public exploit code or active exploitation has been independently confirmed at the time of analysis.

Authentication Bypass Millie Chat
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2026-4399 HIGH This Week

Prompt injection in 1millionbot Millie chatbot allows remote attackers to bypass chat restrictions using Boolean logic techniques, enabling retrieval of prohibited information and execution of unintended tasks including potential abuse of OpenAI API keys. The vulnerability exploits insufficient input validation in the LLM's containment mechanisms, permitting attackers to reformulate queries in ways that trigger affirmative responses ('true') that then execute injected instructions outside the chatbot's intended scope.

Code Injection Millie Chat
NVD
CVSS 4.0
8.7
EPSS
0.2%
EPSS 0% CVSS 7.0
HIGH This Week

Insecure Direct Object Reference (IDOR) in 1millionbot Millie chat allows unauthenticated remote attackers to access other users' private chatbot conversations by manipulating conversation IDs in API requests to 'api.1millionbot.com/api/public/conversations/'. An attacker with knowledge of a target conversation ID can retrieve sensitive or confidential data without authentication. No public exploit code or active exploitation has been independently confirmed at the time of analysis.

Authentication Bypass Millie Chat
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Prompt injection in 1millionbot Millie chatbot allows remote attackers to bypass chat restrictions using Boolean logic techniques, enabling retrieval of prohibited information and execution of unintended tasks including potential abuse of OpenAI API keys. The vulnerability exploits insufficient input validation in the LLM's containment mechanisms, permitting attackers to reformulate queries in ways that trigger affirmative responses ('true') that then execute injected instructions outside the chatbot's intended scope.

Code Injection Millie Chat
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy