CVE-2026-4399
Received Received - Intake
Boolean Prompt Injection in 1millionbot Millie Enables Data Leakage

Publication date: 2026-03-31

Last updated on: 2026-04-13

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques (formulating a question in such a way that, upon receiving an affirmative response ('true'), the model executes the injected instruction), causing it to return prohibited information and information outside its intended context. Successful exploitation of this vulnerability could allow a malicious remote attacker to abuse the service for purposes other than those originally intended, or even execute out-of-context tasks using 1millionbot's resources and/or OpenAI's API key. This allows the attacker to evade the containment mechanisms implemented during LLM model training and obtain responses or chat behaviors that were originally restricted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-13
Generated
2026-05-07
AI Q&A
2026-03-31
EPSS Evaluated
2026-05-05
NVD
CVE-2026-4399
EUVD
EUVD-2026-17357
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
1millionbot millie_chatbot to 3.6.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided information does not specify how the CVE-2026-4399 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

CVE-2026-4399 is a high-severity prompt injection vulnerability in the 1millionbot Millie chatbot versions prior to 3.6.0. It occurs when an attacker uses Boolean prompt injection techniques to craft inputs that cause the chatbot to execute injected instructions upon receiving an affirmative response ('true'). This allows the chatbot to bypass its chat restrictions and return prohibited information or perform tasks outside its intended scope.

The vulnerability enables remote attackers to misuse the chatbot service or the OpenAI API key associated with it, circumventing containment mechanisms that were put in place during the large language model training to restrict certain responses or behaviors.


How can this vulnerability impact me? :

Exploitation of this vulnerability could allow a malicious remote attacker to abuse the 1millionbot Millie chatbot service for unintended purposes. This includes obtaining prohibited or sensitive information, executing out-of-context tasks, and potentially misusing the OpenAI API key linked to the chatbot.

Such misuse can lead to unauthorized disclosure of information and unauthorized actions performed by the chatbot, which may compromise the integrity and confidentiality of the system and its data.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-4399 vulnerability, you should update the 1millionbot Millie chatbot to version 3.6.0 or later, as this version contains the fix implemented by the 1millionbot team.

This update addresses the prompt injection flaw that allows attackers to bypass chat restrictions and misuse the chatbot or OpenAI API key.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart