PatchSiren cyber security CVE debrief
CVE-2026-49082 Chatway Live Chat CVE debrief
A high-severity vulnerability (CVSS Score: 7.4) was discovered in the Chatway Live Chat plugin, version 1.4.8 and earlier. This vulnerability, identified as CVE-2026-49082, allows for subscriber sensitive data exposure. The issue arises from inadequate protection of sensitive information, potentially leading to unauthorized access and disclosure of subscriber data.
- Vendor
- Chatway Live Chat
- Product
- Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Administrators and users of the Chatway Live Chat plugin, version 1.4.8 and earlier, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has been categorized under CWE-201. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Update the Chatway Live Chat plugin to a version that addresses this vulnerability.
- Review and restrict access to sensitive information within the plugin's configuration.
Evidence notes
Evidence suggests that this vulnerability was discovered and reported through Patchstack.
Official resources
-
CVE-2026-49082 CVE record
CVE.org
-
CVE-2026-49082 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-49082 was published on 2026-06-15T21:17:20.000Z and modified on 2026-06-15T21:24:32.790Z.