CVE-2026-3693 is a vulnerability affecting the Shy2593666979 AgentChat product, specifically versions 2.0 through 2.3.0. The flaw resides in the User Endpoint component, within the functions get_user_info and update_user_info located in /src/backend/agentchat/api/v1/user.py. The vulnerability arises from improper control of resource identifiers, where the user_id parameter can be manipulated by an attacker. This improper validation allows an unauthenticated remote attacker to potentially access or modify user information that they should not have permission to interact with. The vulnerability does not require any privileges or user interaction, making it easier to exploit. The CVSS v4.0 score is 6.9 (medium severity), reflecting the network attack vector, low complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. The vendor was notified early but has not responded or issued a patch. Exploit code has been published, increasing the risk of exploitation. No known active exploitation has been reported yet. The vulnerability could lead to unauthorized disclosure or modification of user data, undermining trust and potentially enabling further attacks within affected environments.

The vulnerability allows remote attackers to manipulate user identifiers without authentication, potentially leading to unauthorized access to sensitive user information or unauthorized modification of user data. This can compromise confidentiality and integrity of user records managed by AgentChat. For organizations relying on AgentChat for communication or customer interaction, this could result in data breaches, privacy violations, and loss of customer trust. Attackers could leverage this flaw to escalate privileges or pivot to other parts of the network if user data includes sensitive or administrative information. The absence of vendor response and patches increases the window of exposure. Although availability impact is limited, the integrity and confidentiality risks are significant enough to warrant immediate attention. The published exploit code raises the likelihood of exploitation attempts, especially in environments with internet-facing AgentChat deployments.

Since no official patch is available, organizations should implement compensating controls immediately. These include restricting network access to the AgentChat User Endpoint to trusted internal networks or VPNs, employing web application firewalls (WAFs) to detect and block suspicious requests manipulating user_id parameters, and monitoring logs for anomalous access patterns targeting user endpoints. Conduct thorough access reviews and limit permissions to the minimum necessary for AgentChat users. If possible, implement input validation or parameter filtering at a proxy or API gateway level to prevent unauthorized user_id manipulation. Organizations should also prepare to apply vendor patches promptly once released and consider upgrading to newer, unaffected versions if available. Regularly audit user data integrity and monitor for unauthorized changes. Finally, maintain incident response readiness to quickly address any exploitation attempts.