CVE-2026-57205
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.203, the authenticated GET /api/user/info/<user_id> and GET /api/user/profile-image/<user_id> endpoints in application/single_app/route_backend_users.py accepted a caller-supplied user_id and read the matching Cosmos DB user-settings document without object-level authorization, allowing a low-privilege authenticated user to retrieve another user's email address, display name, and profile image. This issue is fixed in version 0.241.203.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| microsoft | simplechat | < 0.241.203 | affected |
Weaknesses
- CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/microsoft/simplechat/security/advisories/GHSA-x2jq-2m5m-65m4
- https://github.com/microsoft/simplechat/blob/main/docs/explanation/fixes/USER_PROFILE_IDOR_AUTHORIZATION_FIX.md
- https://github.com/microsoft/simplechat/releases/tag/v0.250.001
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.