CVE-2026-3693 is a vulnerability identified in the Shy2593666979 AgentChat software, specifically affecting versions 2.0 through 2.3.0. The flaw exists in the User Endpoint component, within the functions get_user_info and update_user_info located in /src/backend/agentchat/api/v1/user.py. The vulnerability arises due to improper control of resource identifiers, where the user_id parameter can be manipulated by an attacker. This improper validation or authorization check allows remote attackers to potentially access or modify user information without authentication or user interaction. The vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity, with an attack vector of network (remote), low attack complexity, no privileges required, and no user interaction needed. The impact includes partial compromise of confidentiality, integrity, and availability of user data. The vendor was notified early but has not issued any response or patch, and while no active exploitation has been observed, proof-of-concept exploits have been published publicly. This leaves organizations using AgentChat exposed to potential attacks that could lead to unauthorized data access or manipulation, undermining trust and security of the chat platform.

The vulnerability allows remote attackers to manipulate the user_id parameter in AgentChat's user endpoint functions without authentication, potentially leading to unauthorized access or modification of user data. This can compromise the confidentiality of sensitive user information, integrity by allowing unauthorized updates, and availability if attackers disrupt user-related services. Organizations relying on AgentChat for internal or customer communications risk data breaches, loss of user trust, and potential regulatory penalties if personal data is exposed. The lack of vendor response and patches increases the window of exposure. Attackers could leverage this flaw to escalate privileges, impersonate users, or disrupt operations, impacting business continuity and reputation. Given the exploit is publicly available, the risk of exploitation may increase over time, especially in environments where AgentChat is widely deployed.

Since no official patch is available, organizations should implement strict network-level access controls to limit exposure of the AgentChat user endpoint to trusted internal networks only. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious manipulations of the user_id parameter. Monitor logs for unusual access patterns or unauthorized attempts to query or update user information. Consider deploying runtime application self-protection (RASP) solutions to detect and prevent exploitation attempts in real time. If feasible, temporarily disable or restrict the affected API endpoints until a vendor patch is released. Conduct thorough code reviews and implement additional authorization checks around user_id parameters in custom deployments or forks of AgentChat. Maintain up-to-date backups and incident response plans to quickly recover from potential compromises. Engage with the vendor or community for updates and patches, and apply them promptly once available.