PatchSiren cyber security CVE debrief
CVE-2026-40788 QuantumCloud CVE debrief
CVE-2026-40788 is a HIGH severity vulnerability (CVSS score: 7.1) affecting the ChatBot plugin versions <= 7.9.7. The vulnerability is caused by a Broken Access Control issue, specifically CWE-862. This vulnerability was published on 2026-06-15 and last modified on 2026-06-15.
- Vendor: QuantumCloud
- Product: ChatBot
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of ChatBot plugin versions <= 7.9.7 should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H. It allows low-privileged attackers to modify data (integrity impact Low) and, per the vector, has a high availability impact and no confidentiality impact.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to ChatBot plugin versions <= 7.9.7.
- Restrict access to sensitive areas of the plugin.
- Monitor plugin usage for suspicious activity.
Evidence notes
Evidence suggests that this vulnerability was discovered by Patchstack (see [ref-4]).
Official resources
- CVE-2026-40788 CVE record (CVE.org)
- CVE-2026-40788 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-40788 was published on 2026-06-15T21:16:51.060Z and last modified on 2026-06-15T21:24:32.790Z.