{"data":{"id":"a17f521d-c42b-40dd-afbd-0bd1fcacb8cb","title":"CVE-2026-25338: Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistan","summary":"CVE-2026-25338 is a missing authorization vulnerability in the Ays Pro AI ChatBot plugin (versions up to 2.7.4), meaning the software fails to properly check whether users have permission to access certain features. This security flaw allows attackers to exploit incorrectly configured access controls (the rules that decide who can do what in the software).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-25338","publishedAt":"2026-02-19T09:16:18.600Z","cveId":"CVE-2026-25338","cweIds":["CWE-862"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Ays Pro AI ChatBot","ChatGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00037,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}