CVE-2026-4263

Summary

Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter  'visitor' in '/api/v1/webchat/message'.

Affected Software

VendorProductVersion RangeStatus
HiJiffyHiJiffy Chatbotall versionsaffected

Weaknesses

  • CWE-863: CWE-863

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References