Shy2593666979 AgentChat Exposes User Data Remotely

CVE-2026-3693
Summary

A weakness in Shy2593666979 AgentChat versions up to 2.3.0 allows attackers to access sensitive user information remotely. This could lead to unauthorized access to user data. Update to the latest version of Shy2593666979 AgentChat to fix this problem.

Original title
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User ...
Original description
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument user_id causes improper control of resource identifiers. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 7.5
NVD CVSS 3.1: 7.3
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-99
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026