PatchSiren

Deloitte CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Deloitte CVE published 2026-07-10

CVE-2026-57476

CVE-2026-57476 involves Deloitte AI Assist for Customer, which had exposed unauthenticated API endpoints allowing an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints. This vulnerability has a CV [truncated]

MEDIUM Deloitte CVE published 2026-07-10

CVE-2026-57475

A vulnerability in Deloitte AI Assist for Customer allowed unauthenticated POST requests through public-facing API endpoints, permitting a remote attacker to make limited additions to the configuration. However, these additions were not used by the system. The issue was mitigated on 2026-03-25 when AI Assist for Customer restricted network access and enforced authentication for the previously exposed endp [truncated]

MEDIUM Deloitte CVE published 2026-07-10

CVE-2026-57474

CVE-2026-57474 was reported in Deloitte AI Assist for Customer, a software tool that uses artificial intelligence to assist customers. The vulnerability allowed some configuration information to be disclosed through public-facing API endpoints that accepted unauthenticated requests. This could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and e [truncated]