Back to overview

CVE-2026-57476

MEDIUM
4.8
CVSS 3.1
Description
Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.

Metadata

CVE ID
CVE-2026-57476
State
PUBLISHED
Assigner
cisa-cg
Reserved
2026-06-24 13:52 UTC
Published
2026-07-10 17:10 UTC
Last updated
2026-07-10 17:10 UTC
Primary CWE
CWE-306
CWE-306 Missing Authentication for Critical Function
Vendor / Product
Deloitte / AI Assist for Customer
Sources
cve.org  ·  NVD

Severity & Metrics

4.8 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products (1)
VendorProductPlatformVersions
Deloitte AI Assist for Customer 0 < 2026-03-25, 2026-03-25
Weakness (CWE)
CWESourceDescription
CWE-306 cna CWE-306 Missing Authentication for Critical Function
CVSS scores (2)
ScoreSeverityVersionSourceVector
6.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4.8 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Back to overview