Cyber Posture

CVE-2026-3693

High

Published: 08 March 2026
Modified: 22 April 2026
KEV Added: not listed
Patch: none recorded
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0002 (6.8th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-3693 is a high-severity Improper Control of Resource Identifiers ('Resource Injection', CWE-99) vulnerability in Shy2593666979 AgentChat up to version 2.3.0. Its CVSS v3.1 base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS places it at the 6.8th percentile by exploit likelihood (score 0.0002, below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote exploitation of a public-facing web API endpoint (the get_user_info and update_user_info handlers in user.py) by manipulating the user_id resource identifier (IDOR-style, CWE-99) matches T1190: the attacker reaches the exposed endpoint directly and gains unauthorized access to, or modifies, a user record they do not own.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
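For the detection side of T1190 on this bug class, the following is an added example, not code from the page or from the AgentChat project: it scans web access logs for a single client walking many distinct user_id values against the user endpoint, which is what exploitation of an identifier-manipulation flaw looks like from the server. It assumes the user.py handlers are routed under a path beginning with /api/v1/user and that the identifier arrives as a user_id query parameter (neither route detail is stated on the page; set ENDPOINT_PREFIX and ID_PARAM to the real values). The log lines are constructed.

```python
"""Spot identifier enumeration against a user endpoint in web access logs.

Added example, not from the page or the AgentChat project. ENDPOINT_PREFIX
and ID_PARAM are assumptions about how user.py is routed; the sample log
lines are constructed for the demo.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, Optional
from urllib.parse import parse_qs, urlsplit

# Common Log Format prefix: client, ident, user, [timestamp], "request", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

ENDPOINT_PREFIX = "/api/v1/user"   # assumed route for the user.py handlers
ID_PARAM = "user_id"               # parameter named in the advisory
THRESHOLD = 5                      # distinct ids from one client before alerting


def parse_line(line: str) -> Optional[Dict]:
    """Parse one access-log line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    ids = parse_qs(url.query).get(ID_PARAM)
    return {
        "ip": m["ip"],
        "method": m["method"],
        "path": url.path,
        "user_id": ids[0] if ids else None,
        "status": int(m["status"]),
    }


def find_enumeration(lines: Iterable[str], threshold: int = THRESHOLD) -> Dict[str, Dict]:
    """Group user-endpoint hits by client IP and flag clients that touched at
    least `threshold` distinct user_id values. `served` counts 2xx responses
    (the server handed the record over, so the flaw is live, not just probed);
    `writes` counts mutating methods, i.e. update_user_info-style calls."""
    ids_by_ip = defaultdict(set)
    served_by_ip = defaultdict(int)
    writes_by_ip = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["user_id"] is None:
            continue
        if not rec["path"].startswith(ENDPOINT_PREFIX):
            continue
        ip = rec["ip"]
        ids_by_ip[ip].add(rec["user_id"])
        if 200 <= rec["status"] < 300:
            served_by_ip[ip] += 1
        if rec["method"] in ("POST", "PUT", "PATCH"):
            writes_by_ip[ip] += 1
    return {
        ip: {"distinct_ids": len(ids), "served": served_by_ip[ip], "writes": writes_by_ip[ip]}
        for ip, ids in ids_by_ip.items()
        if len(ids) >= threshold
    }


# Constructed sample: one client walks user_id 1..6 (id 6 does not exist),
# another client only touches its own id 2.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Mar/2026:10:00:01 +0000] "GET /api/v1/user/get_user_info?user_id=1 HTTP/1.1" 200 512
203.0.113.7 - - [08/Mar/2026:10:00:02 +0000] "GET /api/v1/user/get_user_info?user_id=2 HTTP/1.1" 200 498
203.0.113.7 - - [08/Mar/2026:10:00:03 +0000] "GET /api/v1/user/get_user_info?user_id=3 HTTP/1.1" 200 503
203.0.113.7 - - [08/Mar/2026:10:00:04 +0000] "GET /api/v1/user/get_user_info?user_id=4 HTTP/1.1" 200 511
203.0.113.7 - - [08/Mar/2026:10:00:05 +0000] "GET /api/v1/user/get_user_info?user_id=5 HTTP/1.1" 200 490
203.0.113.7 - - [08/Mar/2026:10:00:06 +0000] "GET /api/v1/user/get_user_info?user_id=6 HTTP/1.1" 404 21
198.51.100.4 - - [08/Mar/2026:10:00:09 +0000] "GET /api/v1/user/get_user_info?user_id=2 HTTP/1.1" 200 498
198.51.100.4 - - [08/Mar/2026:10:00:10 +0000] "POST /api/v1/user/update_user_info?user_id=2 HTTP/1.1" 200 64
203.0.113.7 - - [08/Mar/2026:10:00:11 +0000] "GET /healthz HTTP/1.1" 200 2
"""

if __name__ == "__main__":
    for ip, stats in find_enumeration(SAMPLE_LOG.splitlines()).items():
        print(ip, stats)
```

On the constructed sample only 203.0.113.7 is flagged (six distinct ids, five served); the second client stays below the threshold even though it also issued a write. If the identifier is sent in a JSON body rather than the query string, the access log will not carry it and this check has to run on application logs instead.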

NVD Description

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument user_id causes improper control of resource identifiers. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysis

CVE-2026-3693 is a vulnerability in Shy2593666979 AgentChat versions up to 2.3.0, affecting the get_user_info and update_user_info functions in the file /src/backend/agentchat/api/v1/user.py within the User Endpoint component. The flaw stems from improper control of resource identifiers (CWE-99), triggered by manipulation of the user_id argument.

The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) rates the flaw as network-reachable, with low attack complexity (AC:L), no privileges required (PR:N, i.e. no authentication is needed to reach the affected handlers) and no user interaction (UI:N), for a base score of 7.3. Confidentiality, integrity and availability impact are each rated low: the two affected handlers correspond to reading another user's record (get_user_info) and modifying it (update_user_info) by supplying a user_id the caller does not own, so the realistic outcome is unauthorized access to, modification of, or disruption of individual user resources rather than a full compromise. No scope change (S:U) is claimed.
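To make the bug class concrete, the following is an added illustration and not AgentChat's code or the published exploit: it shows the shape of a get/update user handler that takes user_id from the request and uses it directly as the resource identifier, beside a hardened version that binds the identifier to the authenticated principal. The Request stand-in, the in-memory user table and every name in it are constructed for the example; the real handlers' signatures and routing are not on the page.

```python
"""IDOR / CWE-99 on a user endpoint: vulnerable shape beside a hardened one.

Added illustration, not AgentChat's code and not the published exploit. The
Request class, make_store() and all identifiers are constructed for the demo.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


@dataclass
class Request:
    """Stand-in for a web request: the authenticated user (None = anonymous)
    and whatever the client supplied in the query string or JSON body."""
    principal_id: Optional[int]
    params: Dict = field(default_factory=dict)


def make_store() -> Dict[int, Dict]:
    """Fresh constructed user table so each run starts from known state."""
    return {
        1: {"username": "alice", "email": "alice@example.test", "role": "admin"},
        2: {"username": "bob", "email": "bob@example.test", "role": "user"},
    }


# --- vulnerable shape: user_id is taken from the request and used as-is -----
def get_user_info_vulnerable(store: Dict, req: Request) -> Dict:
    user_id = int(req.params["user_id"])          # attacker controls this
    if user_id not in store:
        raise NotFound(user_id)
    return dict(store[user_id])                   # any caller reads any record


def update_user_info_vulnerable(store: Dict, req: Request) -> Dict:
    user_id = int(req.params["user_id"])
    if user_id not in store:
        raise NotFound(user_id)
    store[user_id].update(req.params.get("fields", {}))   # even "role"
    return dict(store[user_id])


# --- hardened shape: the identifier is bound to the session -----------------
MUTABLE_FIELDS = {"username", "email"}            # "role" is server-owned


def _resolve_user_id(store: Dict, req: Request) -> int:
    """Return the record the caller may act on. Ordinary users get their own
    record only; admins may address any existing record. The authorization
    check runs before the existence check so a non-admin cannot tell
    NotFound from Forbidden and enumerate valid ids."""
    if req.principal_id is None:
        raise Forbidden("authentication required")
    requested = req.params.get("user_id")
    if requested is None:
        return req.principal_id                   # default to self
    requested = int(requested)
    caller_role = store.get(req.principal_id, {}).get("role")
    if requested != req.principal_id and caller_role != "admin":
        raise Forbidden("cannot address another user's record")
    if requested not in store:
        raise NotFound(requested)
    return requested


def get_user_info_hardened(store: Dict, req: Request) -> Dict:
    return dict(store[_resolve_user_id(store, req)])


def update_user_info_hardened(store: Dict, req: Request) -> Dict:
    user_id = _resolve_user_id(store, req)
    fields = req.params.get("fields", {})
    blocked = set(fields) - MUTABLE_FIELDS
    if blocked:
        raise Forbidden("field(s) not writable: %s" % sorted(blocked))
    store[user_id].update(fields)
    return dict(store[user_id])


def outcome(handler, store: Dict, req: Request):
    """Run a handler and return either its result or the exception class name,
    so the two shapes can be compared side by side."""
    try:
        return handler(store, req)
    except (Forbidden, NotFound) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    s = make_store()
    anon = Request(None, {"user_id": "2"})
    print("vulnerable, anonymous read of user 2:", outcome(get_user_info_vulnerable, s, anon))
    print("hardened,   anonymous read of user 2:", outcome(get_user_info_hardened, s, anon))
    bob = Request(2, {"user_id": "1", "fields": {"role": "admin"}})
    print("hardened,   bob writes alice's role:", outcome(update_user_info_hardened, s, bob))
```

Two design points carry over to any real fix: the identifier is derived from the session by default and only overridden for a role that is allowed to act on other records, and the writable field set is an allow-list so a mass-assignment of role through update_user_info is refused even for the caller's own record.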

Advisories note that the vendor was contacted early regarding this disclosure but provided no response, with no patches or mitigations mentioned. Exploits have been published and are available in GitHub repositories such as https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-1 and https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-2, alongside details on VulDB at https://vuldb.com/?ctiid.349640, https://vuldb.com/?id.349640, and https://vuldb.com/?submit.765589.

Details

CWE(s)

CWE-99 Improper Control of Resource Identifiers ('Resource Injection')

CVEs Like This One

CVE-2024-57971 (shared CWE-99)
CVE-2025-1642 (shared CWE-99)
CVE-2024-5706 (shared CWE-99)
CVE-2023-6605 (shared CWE-99)
