Unauthenticated API Vulnerability in Deloitte AI Assist for Customer
CVE-2026-57476
6.3MEDIUM
What is CVE-2026-57476?
Deloitte's AI Assist for Customer was found to expose unauthenticated API endpoints, creating a potential entry point for attackers. By leveraging knowledge of additional parameters, an attacker could forge unauthorized requests to read from or manipulate content within the retrieval-augmented generation (RAG) corpus. On March 25, 2026, measures were taken to secure these endpoints by enforcing network access restrictions and mandatory authentication, thereby protecting sensitive information from unauthorized access.
Affected Version(s)
AI Assist for Customer 0 < 2026-03-25
AI Assist for Customer 2026-03-25
