{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T12:53:25.996","vulnerabilities":[{"cve":{"id":"CVE-2026-23875","sourceIdentifier":"security-advisories@github.com","published":"2026-01-19T21:15:51.890","lastModified":"2026-06-17T10:22:14.337","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base. Usually, admin / mods of a Discord guild use the `jigsaw` emoji to save a specific message (chain) onto the collection's knowledge base of CrawlChat. Unfortunately an permission check (for e.g. MANAGE_SERVER; MANAGE_MESSAGES etc.) was not done, allowing normal users of the guild to information to the knowledge base. With targeting specific parts that are commonly asked, users can manipulate the content given out by the bot (on all integrations), to e.g. redirect users to a malicious site, or send information to a malicious user. Version 0.0.8 patches the issue."},{"lang":"es","value":"CrawlChat es una plataforma de código abierto, impulsada por IA, que transforma la documentación técnica en chatbots inteligentes. Antes de la versión 0.0.8, una verificación de permisos inexistente para el bot de Discord de CrawlChat permite a usuarios que no gestionan el gremio colocar contenido malicioso en la base de conocimientos de la colección. Normalmente, los administradores / moderadores de un gremio de Discord usan el emoji 'jigsaw' para guardar un mensaje específico (cadena) en la base de conocimientos de la colección de CrawlChat. Desafortunadamente, no se realizó una verificación de permisos (por ejemplo, MANAGE_SERVER; MANAGE_MESSAGES, etc.), permitiendo a los usuarios normales del gremio información a la base de conocimientos. Al apuntar a partes específicas que se preguntan comúnmente, los usuarios pueden manipular el contenido proporcionado por el bot (en todas las integraciones), para, por ejemplo, redirigir a los usuarios a un sitio malicioso, o enviar información a un usuario malicioso. La versión 0.0.8 soluciona el problema."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"crawlchat","product":"crawlchat","versions":[{"version":"< 0.0.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-20T15:32:57.625006Z","id":"CVE-2026-23875","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:crawlchat:crawlchat:*:*:*:*:*:*:*:*","versionEndExcluding":"0.0.8","matchCriteriaId":"D2B3FA94-6CD8-4EB0-A1D7-23661BB56EBD"}]}]}],"references":[{"url":"https://github.com/crawlchat/crawlchat/commit/f90ebb93c6a830f6cf609d683f6425af8434573a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/crawlchat/crawlchat/releases/tag/v0.0.8","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/crawlchat/crawlchat/security/advisories/GHSA-f484-62p4-6w4p","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}