{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25729", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-05T16:48:00.427Z", "datePublished": "2026-02-06T20:30:17.112Z", "dateUpdated": "2026-02-06T20:50:17.216Z"}, "containers": {"cna": {"title": "DeepAudit Affected by User Enumeration via Broken Access Control", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 2.1, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/lintsinghua/DeepAudit/security/advisories/GHSA-vmmm-48w2-q56q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/lintsinghua/DeepAudit/security/advisories/GHSA-vmmm-48w2-q56q"}, {"name": "https://github.com/lintsinghua/DeepAudit/commit/b2a3b26579d3fdbab5236ae12ed67ae2313175fd", "tags": ["x_refsource_MISC"], "url": "https://github.com/lintsinghua/DeepAudit/commit/b2a3b26579d3fdbab5236ae12ed67ae2313175fd"}], "affected": [{"vendor": "lintsinghua", "product": "DeepAudit", "versions": [{"version": "<= 3.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T20:30:17.112Z"}, "descriptions": [{"lang": "en", "value": "DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresses, phone numbers, full names, and role information."}], "source": {"advisory": "GHSA-vmmm-48w2-q56q", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T20:48:48.312806Z", "id": "CVE-2026-25729", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T20:50:17.216Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25729", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T20:48:48.312806Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T20:49:02.118Z"}}], "cna": {"title": "DeepAudit Affected by User Enumeration via Broken Access Control", "source": {"advisory": "GHSA-vmmm-48w2-q56q", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "lintsinghua", "product": "DeepAudit", "versions": [{"status": "affected", "version": "<= 3.0.4"}]}], "references": [{"url": "https://github.com/lintsinghua/DeepAudit/security/advisories/GHSA-vmmm-48w2-q56q", "name": "https://github.com/lintsinghua/DeepAudit/security/advisories/GHSA-vmmm-48w2-q56q", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/lintsinghua/DeepAudit/commit/b2a3b26579d3fdbab5236ae12ed67ae2313175fd", "name": "https://github.com/lintsinghua/DeepAudit/commit/b2a3b26579d3fdbab5236ae12ed67ae2313175fd", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresses, phone numbers, full names, and role information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T20:30:17.112Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25729", "state": "PUBLISHED", "dateUpdated": "2026-02-06T20:50:17.216Z", "dateReserved": "2026-02-05T16:48:00.427Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-06T20:30:17.112Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lintsinghua:deepaudit:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E3DCDDE-E9D3-47F8-B564-C4491EC31495", "versionEndIncluding": "3.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresses, phone numbers, full names, and role information."}, {"lang": "es", "value": "DeepAudit es un sistema multiagente para el descubrimiento de vulnerabilidades de c\u00f3digo. En 3.0.4 y anteriores, existe una vulnerabilidad de control de acceso inadecuado en el endpoint /api/v1/users/ que permite a cualquier usuario autenticado enumerar todos los usuarios del sistema y recuperar informaci\u00f3n sensible, incluyendo direcciones de correo electr\u00f3nico, n\u00fameros de tel\u00e9fono, nombres completos e informaci\u00f3n de rol."}], "id": "CVE-2026-25729", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-06T21:16:19.313", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/lintsinghua/DeepAudit/commit/b2a3b26579d3fdbab5236ae12ed67ae2313175fd"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/lintsinghua/DeepAudit/security/advisories/GHSA-vmmm-48w2-q56q"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T13:28:28.985536+00:00", "value": {"mitigation_remediation": ["Deploy an updated version of DeepAudit that corrects the access control flaw.", "Restrict the /api/v1/users/ endpoint to users with administrative privileges only.", "Monitor for abnormal enumeration activity and enforce least privilege on all authenticated users."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure through User Enumeration"}, "threat_synthesis": {"affected_systems": "The vulnerability affects lintsinghua DeepAudit, specifically all releases up to and including version 3.0.4. Users running these or earlier versions of the software are at risk and should verify their deployment version.", "description_and_impact": "DeepAudit, a multi\u2011agent system designed to discover code vulnerabilities, contains an improper access control flaw on the /api/v1/users/ endpoint. Any authenticated user can query this endpoint and receive a list of all users, including private data such as email addresses, phone numbers, full names, and role information. This flaw leads to sensitive personal and role data being exposed to anyone who has already authenticated to the system, potentially allowing attackers to facilitate further credential\u2011based attacks or social engineering. The weakness is identified as CWE\u2011863, improper authorization.", "risk_and_exploitability": "The calculated CVSS score is 2.1, indicating a low severity. The EPSS score is below 1%, signaling a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Inferred from the description, the likely attack vector requires an attacker to possess valid credentials to the DeepAudit instance. Once authenticated, the attacker can enumerate all users and collect sensitive data without needing any additional privileges."}}}}, "created": "2026-02-09T10:49:57.362766+00:00", "updated": "2026-04-18T13:30:45.751229+00:00", "vendors": ["lintsinghua", "lintsinghua$PRODUCT$deepaudit"]}