CVE 2.3 LOW

DeepMyst Mysti Contact Tracking ChannelBridge.ts _isTrackedConversation improper authorization_CVE-2026-13591

2.3 / 10
LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument _channelType causes improper authorization. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made available to the public and could be used for attacks. Patch name: 9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48. It is suggested to install a patch to address this issue.

Basic Information

ID CVE-2026-13591
Source VulDB
Published Jun 29, 2026 at 17:00

Affected Product

Vendor DeepMyst
Product Mysti
Version 0.4.0
Affected Versions DeepMyst Mysti 0.4.0

CWE Classification

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.