Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints. | |
| Title | Deloitte AI Assist for Customer unauthenticated RAG corpus read and write | |
| Weaknesses | CWE-306 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: cisa-cg
Published:
Updated: 2026-07-10T17:10:50.682Z
Reserved: 2026-06-24T13:52:15.600Z
Link: CVE-2026-57476
No data.
No data.
No data.
OpenCVE Enrichment
No data.