๐Ÿ” CVE Alert

CVE-2026-57476

MEDIUM 4.8

Deloitte AI Assist for Customer unauthenticated RAG corpus read and write

CVSS Score
4.8
EPSS Score
0.0%
EPSS Percentile
0th

Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.

CWE CWE-306
Vendor deloitte
Product ai assist for customer
Published Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for deloitte ai assist for customer

Be the first to know when new medium vulnerabilities affecting deloitte ai assist for customer are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Affected Versions

Deloitte / AI Assist for Customer
0 < 2026-03-25

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
zerotolerance.me: https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/ zerotolerance.me: https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf raw.githubusercontent.com: https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json cve.org: https://www.cve.org/CVERecord?id=CVE-2026-57474

Credits

Karim El Labban, Zero Tolerance