3 matches found
CVE-2026-57476
Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation RAG corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced...
CVE-2026-57475
Deloitte AI Assist for Customer had an unauthenticated POST vulnerability on public API endpoints that allowed a remote attacker to perform limited additions to the configuration. These changes were not used by the system. On 2026-03-25, access was restricted and authentication enforced for the e...
EUVD-2026-42974
Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...