PatchSiren cyber security CVE debrief
CVE-2026-36719 CC-T-454455 CVE debrief
CVE-2026-36719 is a HIGH-severity information disclosure vulnerability in AgentChat v2.3.0. The vulnerability exists in the /api/v1/user/info endpoint and allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, by enumerating user IDs. The vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt].
- Vendor
- CC-T-454455
- Product
- AgentChat
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Users of AgentChat v2.3.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 7.5 and a CVSS severity of HIGH. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The weakness associated with this vulnerability is CWE-200.
Defensive priority
HIGH
Recommended defensive actions
- Update to a patched version of AgentChat as soon as available.
- Limit access to the /api/v1/user/info endpoint to authenticated users only.
- Implement additional security measures to protect sensitive information.
Evidence notes
The vulnerability was reported by an unknown vendor and has a trust class of official_vulnerability_database.
Official resources
-
CVE-2026-36719 CVE record
CVE.org
-
CVE-2026-36719 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-36719 was published on 2026-06-09T19:17:42.257Z and modified on 2026-06-10T20:22:41.007Z.