Configuration Information Disclosure in Deloitte AI Assist for Customer
CVE-2026-57474

6.9MEDIUM

Key Information:

Vendor

Deloitte

Vendor
CVE Published:
10 July 2026

What is CVE-2026-57474?

The Deloitte AI Assist for Customer had a vulnerability that allowed the exposure of configuration information via its public-facing API endpoints. These endpoints accepted unauthenticated requests, making it easier for potential attackers to gather reconnaissance information. As of March 25, 2026, Deloitte implemented network access restrictions and enforced authentication for the affected endpoints to mitigate this risk.

Affected Version(s)

AI Assist for Customer 0 < 2026-03-25

AI Assist for Customer 2026-03-25

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karim El Labban, Zero Tolerance
.