Unauthenticated API Vulnerability in Deloitte AI Assist for Customer
CVE-2026-57475

6.9MEDIUM

Key Information:

Vendor

Deloitte

Vendor
CVE Published:
10 July 2026

What is CVE-2026-57475?

The vulnerability in Deloitte's AI Assist for Customer allowed remote attackers to send unauthenticated POST requests to publicly accessible API endpoints, enabling limited modifications to the system's configuration. Although these changes were not utilized by the application, the potential for exploitation posed significant risks prior to corrective measures implemented on March 25, 2026, which included restricting access to affected endpoints and enforcing necessary authentication.

Affected Version(s)

AI Assist for Customer 0 < 2026-03-25

AI Assist for Customer 2026-03-25

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karim El Labban, Zero Tolerance
.