CVE-2026-49433

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.0 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L                                    

Vulnerability Description

The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacker can change the user's email address and take over their account. Fixed on 2026-05-20.

Vulnerability Details

Published Date

June 01, 2026

Last Modified

June 02, 2026

CWE ID

CWE-352

Source

NVD

Vendor

DeepAI

Product

api.deepai.org

External References

https://deepai.org/
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-152-01.json
https://www.cve.org/CVERecord?id=CVE-2026-49433

CVE-2026-49433

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment