Ghostwire

CVE-2026-57476: Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of...

MEDIUM CVSS 0.0

Published: July 10, 2026 | Last Modified: July 10, 2026

Description

Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References