CVE-2026-13591

5.0 MEDIUM (CVSS 3.1) · Exploitation: PoC
Description
A weakness has been identified in DeepMyst Mysti 0.4.0. It affects the function _isTrackedConversation in the file src/managers/ChannelBridge.ts of the component Contact Tracking. Manipulating the argument _channelType leads to improper authorization. The attack can be initiated remotely. The attack complexity is high, and exploitation is reported to be difficult. An exploit has been made publicly available and could be used for attacks. The patch is identified as 9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48. Applying the patch is recommended to address this issue.

Metadata

CVE ID
CVE-2026-13591
State
PUBLISHED
Assigner
VulDB
Reserved
2026-06-29 04:51 UTC
Published
2026-06-29 17:00 UTC
Last updated
2026-06-29 17:30 UTC
Primary CWE
CWE-285
Improper Authorization
Vendor / Product
DeepMyst / Mysti
Sources
cve.org  ·  NVD

Severity & Metrics

5.0 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
no
Tech. Impact
partial
Affected products (1)
Vendor | Product | Platform | Versions
DeepMyst | Mysti | | 0.4.0
Weakness (CWE)
CWE | Source | Description
CWE-266 | cna | Incorrect Privilege Assignment
CWE-285 | cna | Improper Authorization
CVSS scores (4)
Score | Severity | Version | Source | Vector
5.0 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
5.0 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4.6 | N/D | 2.0 | cna | AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
2.3 | LOW | 4.0 | cna | CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (8)