CVE-2026-25338: Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistan
mediumvulnerabilityLLM-Specific
security
Summary
CVE-2026-25338 is a missing authorization vulnerability in the Ays Pro AI ChatBot plugin (versions up to 2.7.4), meaning the software fails to properly check whether users have permission to access certain features. This security flaw allows attackers to exploit incorrectly configured access controls (the rules that decide who can do what in the software).
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Type
Other
Attack SophisticationTrivial
Impact (CIA+S)
integrityconfidentiality
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-25338
First tracked: February 19, 2026 at 11:07 AM
Classified by LLM (prompt v3) · confidence: 75%