CVE-2026-36719
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk14th percentile - higher than 14% of all known CVEs
Summary
CVE-2026-36719 is an information disclosure vulnerability in AgentChat version 2.3.0 that allows unauthenticated attackers to access sensitive information via the /api/v1/user/info endpoint, including SHA256 password hashes, by enumerating user IDs.
Risk Assessment
Organizations may be exposed to the disclosure of sensitive user data, potentially leading to further attacks or security breaches.
Recommendation
It is recommended to secure the API endpoint and implement authentication mechanisms to restrict access to sensitive information.
Original NVD description (English source)
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.

