CVE-2026-4262

Published: Mar 26, 2026

Modified: Mar 26, 2026

PUBLISHED

Description

Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download/<ID>/'.

Vendor	Product	Versions
HiJiffy	HiJiffy Chatbot	affected `all versions`

Weaknesses (CWE)

CWE-863

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hijiffy-chatbot

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-4262

Description

Affected Products

Weaknesses (CWE)

References