How is CVE-2026-36719 exploited?

Network reachability (required): The vulnerable endpoint is exposed over the network, so an attacker must be able to reach the service via HTTP/HTTPS to exploit it. Authentication (not-required): No credentials of any kind are needed; the /api/v1/user/info endpoint accepts unauthenticated requests. Victim interaction (not-required): Exploitation is fully automated and requires no action from any user or administrator of the affected system. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or environmental configuration.

What is the impact of CVE-2026-36719?

An attacker reads SHA256 password hashes for any user account whose ID can be enumerated, enabling offline cracking attempts against those hashes. Full user ID enumeration exposes the scope of all registered accounts, leaking information about the user base size and potentially usernames or profile data returned by the endpoint. Cracked credentials derived from the exposed hashes can be used to authenticate to AgentChat or to other services where users reuse passwords.

Back to search

HIGHCVE-2026-36719Published 2026-06-09Modified 2026-06-10CNA mitre

CVE-2026-36719: An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows any unauthenticated attacker to enumerate user IDs over the network and retrieve sensitive account data. No credentials or user interaction are required to exploit this flaw. Successful exploitation exposes SHA256 password hashes for all enumerable user accounts, which can then be targeted in offline cracking attacks. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.

HarborGuard Coverage

Detection

Detection for CVE-2026-36719 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built images derived from AgentChat v2.3.0 base layers. Any image containing an affected version of AgentChat is flagged automatically in both registry scans and CI/CD pipeline checks.

Available

Triage

HarborGuard is capable of scoring this CVE at 7.5 HIGH using the CVSS v3.1 vector and weighting it against each customer environment's compliance policy to determine urgency and routing. Triage results are surfaced to the appropriate team inbox within each customer organization based on configured ownership rules.

Available

Patch

No fix version has been published upstream for CVE-2026-36719. HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be initiated without manual intervention once a fix version is available.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The vulnerable endpoint is exposed over the network, so an attacker must be able to reach the service via HTTP/HTTPS to exploit it.
AuthenticationNot required
No credentials of any kind are needed; the /api/v1/user/info endpoint accepts unauthenticated requests.
Victim interactionNot required
Exploitation is fully automated and requires no action from any user or administrator of the affected system.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or environmental configuration.

Blast Radius

An attacker reads SHA256 password hashes for any user account whose ID can be enumerated, enabling offline cracking attempts against those hashes.
Full user ID enumeration exposes the scope of all registered accounts, leaking information about the user base size and potentially usernames or profile data returned by the endpoint.
Cracked credentials derived from the exposed hashes can be used to authenticate to AgentChat or to other services where users reuse passwords.

How HarborGuard Handles This

Available on HarborGuard: detection for this CVE is active and matches any image containing AgentChat v2.3.0 against the published advisory on every scan cycle. Because no upstream fix exists at this time, HarborGuard monitors the advisory continuously and will trigger a patched-image rebuild the moment a fix version is published. For customers with auto-remediation enabled, that rebuild will be followed by a regression test run and a PR opened against affected workloads automatically. In the interim, compensating controls worth evaluating include placing network policy rules that restrict external access to the /api/v1/user/info endpoint, adding an authentication or rate-limiting layer in front of the endpoint at the reverse-proxy or API gateway level, and auditing whether the endpoint needs to return password hashes to any legitimate caller at all. HarborGuard will surface a rebuild opportunity for this CVE to affected environments as soon as upstream ships a patch.

See how HarborGuard automates this

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

github.com

Metrics

Get notified