AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-54306: Cross-Site Request Forgery (CSRF) vulnerability in KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot all

mediumvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseDecember 13, 2024CVE-2024-54306

Summary

A CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into making unwanted requests on a website they're logged into) was found in the KCT AIKCT Engine Chatbot plugin affecting versions up to 1.6.2. The vulnerability allows attackers to perform unauthorized actions by exploiting this weakness in how the chatbot handles user requests.

Vulnerability Details

CVSS Score

4.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

integrity

AI Component TargetedAPI

Taxonomy References

CWE (Weakness Type)

CWE-352

Affected Vendors

OpenAIGoogle

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Same vendorTechCrunch

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

First tracked: February 15, 2026 at 08:50 PM

Classified by LLM (prompt v3) · confidence: 72%