CVE-2026-4262

Summary

Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download/<ID>/'.

Affected Software

VendorProductVersion RangeStatus
HiJiffyHiJiffy Chatbotall versionsaffected

Weaknesses

  • CWE-863: CWE-863

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References