CVE-2026-4262

Medium CVSS: 6.9

Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download/<ID>/'.

Vendor

Product

CWE

CWE-863

Yayın Tarihi

2026-03-26 10:16:25

Güncelleme

2026-03-26 15:13:15

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-863 MEDIUM 2026

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hijiffy-chatbot