Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints. | |
| Title | Deloitte AI Assist for Customer unauthenticated RAG corpus read and write | |
| Weaknesses | CWE-306 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: cisa-cg
Published:
Updated: 2026-07-10T17:10:50.682Z
Reserved: 2026-06-24T13:52:15.600Z
Link: CVE-2026-57476
No data.
No data.
No data.
OpenCVE Enrichment
No data.