CVE-2026-57205
Received Received - Intake

Information Disclosure in SimpleChat Application

Vulnerability report for CVE-2026-57205, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: GitHub, Inc.

Description

SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.203, the authenticated GET /api/user/info/<user_id> and GET /api/user/profile-image/<user_id> endpoints in application/single_app/route_backend_users.py accepted a caller-supplied user_id and read the matching Cosmos DB user-settings document without object-level authorization, allowing a low-privilege authenticated user to retrieve another user's email address, display name, and profile image. This issue is fixed in version 0.241.203.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
simplechat simplechat to 0.241.203 (exc)
microsoft simplechat to 0.241.203 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57205 is an Insecure Direct Object Reference (IDOR) vulnerability in SimpleChat versions prior to 0.241.203. It allowed authenticated users to access other users' profile data by providing a user ID in the URL of two endpoints: GET /api/user/info/<user_id> and GET /api/user/profile-image/<user_id>. The application did not verify if the caller was authorized to view the target user's data, enabling unauthorized access to email addresses, display names, and profile images.

The root cause was that these endpoints bypassed user-settings access controls and directly queried Cosmos DB using the URL path value as both the item ID and partition key. The fix added stricter authorization checks to ensure only the same user, admins, or users with shared relationships could access profile data.

Detection Guidance

To detect this vulnerability, monitor HTTP GET requests to /api/user/info/<user_id> and /api/user/profile-image/<user_id> endpoints. Check if authenticated users can access other users' data by providing arbitrary user IDs. Verify if unauthorized access returns sensitive profile details like email or display names.

Impact Analysis

An attacker with low privileges could exploit this to access sensitive profile information of other users, including email addresses, display names, and profile images. This could lead to privacy breaches, identity theft, or targeted phishing attacks. The impact is limited to confidentiality, as the vulnerability does not affect data integrity or system availability.

Compliance Impact

This vulnerability likely violates GDPR and HIPAA requirements for protecting personal and health data. GDPR mandates strict access controls and data protection measures, while HIPAA requires safeguards to prevent unauthorized access to protected health information. Exploiting this flaw could result in non-compliance, legal penalties, and reputational damage.

Mitigation Strategies

Upgrade SimpleChat to version 0.241.203 or later. Implement object-level authorization checks for profile data access. Restrict access to vulnerable endpoints or disable them until patching. Review logs for unauthorized access attempts to these endpoints.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57205. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart