Unauthenticated API Vulnerability in Deloitte AI Assist for Customer
CVE-2026-57476

6.3MEDIUM

Key Information:

Vendor

Deloitte

Vendor
CVE Published:
10 July 2026

What is CVE-2026-57476?

Deloitte's AI Assist for Customer was found to expose unauthenticated API endpoints, creating a potential entry point for attackers. By leveraging knowledge of additional parameters, an attacker could forge unauthorized requests to read from or manipulate content within the retrieval-augmented generation (RAG) corpus. On March 25, 2026, measures were taken to secure these endpoints by enforcing network access restrictions and mandatory authentication, thereby protecting sensitive information from unauthorized access.

Affected Version(s)

AI Assist for Customer 0 < 2026-03-25

AI Assist for Customer 2026-03-25

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karim El Labban, Zero Tolerance
.