Configuration Information Disclosure in Deloitte AI Assist for Customer
CVE-2026-57474
6.9MEDIUM
What is CVE-2026-57474?
The Deloitte AI Assist for Customer had a vulnerability that allowed the exposure of configuration information via its public-facing API endpoints. These endpoints accepted unauthenticated requests, making it easier for potential attackers to gather reconnaissance information. As of March 25, 2026, Deloitte implemented network access restrictions and enforced authentication for the affected endpoints to mitigate this risk.
Affected Version(s)
AI Assist for Customer 0 < 2026-03-25
AI Assist for Customer 2026-03-25
