CVE-2026-25729

DeepAudit Affected by User Enumeration via Broken Access Control

Description

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresses, phone numbers, full names, and role information.

INFO

Published Date :

2026-02-06T20:30:17.112Z

Last Modified :

2026-02-06T20:50:17.216Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-25729 vulnerability.

Vendors	Products
Lintsinghua	Deepaudit

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25729.

URL	Resource
https://github.com/lintsinghua/DeepAudit/commit/b2a3b26579d3fdbab5236ae12ed67ae2313175fd
https://github.com/lintsinghua/DeepAudit/security/advisories/GHSA-vmmm-48w2-q56q

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact