Unauthenticated API Vulnerability in Deloitte AI Assist for Customer
CVE-2026-57475
6.9MEDIUM
What is CVE-2026-57475?
The vulnerability in Deloitte's AI Assist for Customer allowed remote attackers to send unauthenticated POST requests to publicly accessible API endpoints, enabling limited modifications to the system's configuration. Although these changes were not utilized by the application, the potential for exploitation posed significant risks prior to corrective measures implemented on March 25, 2026, which included restricting access to affected endpoints and enforcing necessary authentication.
Affected Version(s)
AI Assist for Customer 0 < 2026-03-25
AI Assist for Customer 2026-03-25
