MEDIUMCVE-2026-4263

Incorrect authorization in HiJiffy Chatbot

Platform

other

Component

hijiffy-chatbot

AI Confidence: highNVDEPSS 0.1%

Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'visitor' in '/api/v1/webchat/message'.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

EPSS

0.05% (17% percentile)

CISA SSVC

Exploitationnone

Automatableyes

Technical Impactpartial

Affected Software

Componenthijiffy-chatbot

VendorHiJiffy

Affected rangeFixed in

all versions – all versions—

Weakness Classification (CWE)

CWE-863

Timeline

Reserved2026-03-16
Published2026-03-26
EPSS updated2026-04-02

Unpatched — 59 days since disclosure

How to fix

Actualizar a la última versión del chatbot HiJiffy. Contactar con el proveedor para obtener la versión corregida o instrucciones específicas de mitigación.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.