CVE-2026-3693
Published: 08 March 2026
Summary
CVE-2026-3693 is a medium-severity Resource Injection (CWE-99) vulnerability. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 7.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-3693 is a vulnerability in Shy2593666979 AgentChat versions up to 2.3.0, affecting the get_user_info and update_user_info functions in the file /src/backend/agentchat/api/v1/user.py within the User Endpoint component. The flaw stems from improper control of resource identifiers (CWE-99), triggered by manipulation of the user_id argument.
The vulnerability enables remote exploitation by unauthenticated attackers (PR:N) with low attack complexity (AC:L) and no user interaction (UI:N), yielding a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Attackers can achieve low impacts on confidentiality, integrity, and availability, likely allowing unauthorized access, modification, or disruption of user resources by bypassing identifier controls.
Advisories note that the vendor was contacted early regarding this disclosure but provided no response, with no patches or mitigations mentioned. Exploits have been published and are available in GitHub repositories such as https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-1 and https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-2, alongside details on VulDB at https://vuldb.com/?ctiid.349640, https://vuldb.com/?id.349640, and https://vuldb.com/?submit.765589.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10201
Vulnerability details
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument user_id causes improper control of resource identifiers. It is…
more
possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote exploitation of a public-facing web API endpoint (user.py get/update functions) via resource identifier manipulation (IDOR/CWE-99) directly matches T1190 for gaining unauthorized access or performing modifications.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces authorization checks on user_id before allowing get_user_info or update_user_info operations, blocking the CWE-99 identifier manipulation.
Requires validation of the user_id input parameter to ensure it references only resources the authenticated caller is permitted to access.
Mandates proper issuance and binding of user identifiers so that resource IDs cannot be arbitrarily supplied or guessed by remote attackers.