What the vulnerability does
01Description
Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download/<ID>/'.
CVSS base score
6.9/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
March 26, 2026
CVE published
June 9, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-24872 Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access
CVE-2025-54838
CVE-2025-48474 FreeScout Vulnerable to Insufficient Authorization
CVE-2026-25565 WeKan < 8.19 Read-only Board Roles Can Update Cards
CVE-2024-55633 Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
