CVE-2026-4263

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Mar 26, 2026

Vendor unknown

Description

Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'visitor' in '/api/v1/webchat/message'.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hijiffy-chatbot