CVE-2026-57474
Severity CVSS v4.0:
MEDIUM
Type:
CWE-200
Information Leak / Disclosure
Publication date:
10/07/2026
Last modified:
10/07/2026
Description
Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.
Impact
Base Score 4.0
6.90
Severity 4.0
MEDIUM
Base Score 3.x
5.30
Severity 3.x
MEDIUM
References to Advisories, Solutions, and Tools
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json
- https://www.cve.org/CVERecord?id=CVE-2026-57474
- https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf
- https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/



