CVE-2026-36719

HIGHPre-NVD 7.57.5—Trending — 3 sources updated this week

7.5

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.

CVSS v3: 7.5
EG Score: 7.5(high)
EPSS: 23.7%
KEV: Not listed

Published

June 9, 2026

Last Modified

June 10, 2026

Advisory Details (1)

Auto-updated Jun 10, 2026

🔬 Proof of concept available. No patch confirmed yet.

generic🟡 PoC Available

Vulnerabilities/agent-chat/vulnerability-3 at master · CC-T-454455/Vulnerabilities · GitHub

https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-3

Vendor Advisories for CVE-2026-36719(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

GHSA-qwrx-6jf6-89hf
GitHub Security AdvisoriesHigh
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0...

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-200Exposure of Sensitive Information to an Unauthorized Actor

Data Freshness Timeline

(refreshed 39× in last 7d / 61× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

2026-06-22 20:32 UTCEG score recompute
2026-06-22 20:32 UTCGHSA enrichment
2026-06-22 14:25 UTCEPSS rescore
2026-06-22 14:25 UTCEPSS rescore
2026-06-22 04:50 UTCEG score recompute
2026-06-22 04:50 UTCGHSA enrichment
2026-06-21 14:56 UTCEPSS rescore
2026-06-21 14:56 UTCEPSS rescore
2026-06-21 10:20 UTCEG score recompute
2026-06-21 10:20 UTCGHSA enrichment
2026-06-21 01:59 UTCEPSS rescore
2026-06-20 21:33 UTCEG score recompute
2026-06-20 21:33 UTCGHSA enrichment
2026-06-20 09:46 UTCEG score recompute
2026-06-20 09:45 UTCGHSA enrichment
2026-06-19 21:55 UTCEG score recompute
2026-06-19 21:55 UTCGHSA enrichment
2026-06-19 19:25 UTCEPSS rescore
2026-06-19 19:25 UTCEPSS rescore
2026-06-19 09:41 UTCEG score recompute
2026-06-19 09:40 UTCGHSA enrichment
2026-06-18 21:54 UTCEG score recompute
2026-06-18 21:54 UTCGHSA enrichment
2026-06-18 17:52 UTCEPSS rescore
2026-06-18 17:52 UTCEPSS rescore

Show 36 more

2026-06-18 10:07 UTCEG score recompute
2026-06-18 10:07 UTCGHSA enrichment
2026-06-17 22:20 UTCEG score recompute
2026-06-17 22:20 UTCGHSA enrichment
2026-06-17 17:53 UTCEPSS rescore
2026-06-17 10:33 UTCEG score recompute
2026-06-17 10:33 UTCGHSA enrichment
2026-06-16 22:45 UTCEG score recompute
2026-06-16 22:45 UTCGHSA enrichment
2026-06-16 17:52 UTCEPSS rescore
2026-06-16 10:59 UTCEG score recompute
2026-06-16 10:59 UTCGHSA enrichment
2026-06-15 23:13 UTCEG score recompute
2026-06-15 23:13 UTCGHSA enrichment
2026-06-15 17:49 UTCEPSS rescore
2026-06-15 11:27 UTCEG score recompute
2026-06-15 11:27 UTCGHSA enrichment
2026-06-14 23:41 UTCEG score recompute
2026-06-14 23:41 UTCGHSA enrichment
2026-06-14 23:18 UTCEPSS rescore
2026-06-14 11:54 UTCEG score recompute
2026-06-14 11:54 UTCGHSA enrichment
2026-06-14 00:08 UTCEG score recompute
2026-06-14 00:08 UTCGHSA enrichment
2026-06-13 23:00 UTCEPSS rescore
2026-06-13 12:22 UTCEG score recompute
2026-06-13 12:22 UTCGHSA enrichment
2026-06-13 00:32 UTCEG score recompute▲ 7.50
2026-06-13 00:32 UTCGHSA enrichment
2026-06-12 23:12 UTCEPSS rescore
2026-06-12 23:12 UTCEPSS rescore
2026-06-11 14:00 UTCEPSS rescore
2026-06-10 22:18 UTCEPSS rescore
2026-06-10 15:18 UTCNVD updateCVSS v3 → 7.5 · severity → HIGH
2026-06-09 19:22 UTCEG score recompute
2026-06-09 19:21 UTCNVD updatefirst tracked

Frequently asked(5)

What is CVE-2026-36719?

CVE-2026-36719 is a high vulnerability published on June 9, 2026. An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.

When was CVE-2026-36719 disclosed?

CVE-2026-36719 was first published in the National Vulnerability Database on June 9, 2026, with the most recent update on June 10, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2026-36719 actively exploited?

CVE-2026-36719 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 23.7% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2026-36719?

CVE-2026-36719 has a CVSS v3.1 base score of 7.5 (CISA-ADP / Vulnrichment enrichment; NVD's own analysis pending).

How do I remediate CVE-2026-36719?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-36719, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-36719

Explore →

Is Your Infrastructure Affected by CVE-2026-36719?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2026-36719

📅 Published

🔄 Last Modified

📋 Advisory Details (1)

Vulnerabilities/agent-chat/vulnerability-3 at master · CC-T-454455/Vulnerabilities · GitHub

📣 Vendor Advisories for CVE-2026-36719(1)

Weakness Classification(1)

Data Freshness Timeline

❓ Frequently asked(5)