CVE-2026-57205 PUBLISHED

SimpleChat: Authenticated users can access other users' profile metadata through user IDOR endpoints

Assigner: GitHub_M
Reserved: 24.06.2026 Published: 16.07.2026 Updated: 16.07.2026

SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.203, the authenticated GET /api/user/info/<user_id> and GET /api/user/profile-image/<user_id> endpoints in application/single_app/route_backend_users.py accepted a caller-supplied user_id and read the matching Cosmos DB user-settings document without object-level authorization, allowing a low-privilege authenticated user to retrieve another user's email address, display name, and profile image. This issue is fixed in version 0.241.203.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 4.3

Product Status

Vendor microsoft
Product simplechat
Versions
  • Version < 0.241.203 is affected

References

Problem Types

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE
  • CWE-639: Authorization Bypass Through User-Controlled Key CWE
  • CWE-862: Missing Authorization CWE