CVE-2026-4400

UNKNOWN 0.0

Multiple vulnerabilities in 1millionbot Millie chatbot

CVSS Score

0.0

EPSS Score

0.2%

EPSS Percentile

41th

Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, could allow a remote attacker to access other users private chatbot conversations, revealing sensitive or confidential data without requiring credentials or impersonating users. In order for the vulnerability to be exploited, the attacker must have the user's conversation ID.

CWE	CWE-639
Vendor	1millionbot
Product	millie chat
Published	Mar 31, 2026
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for 1millionbot millie chat

Be the first to know when new unknown vulnerabilities affecting 1millionbot millie chat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

1millionbot / Millie chat

3.6.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-1millionbot-millie-chatbot

Credits

David Utón Amaya (m3n0sd0n4ld)