CVE-2026-36719
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
09/06/2026
Last modified:
10/06/2026
Description
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH



