CVE-2026-22665

8.1 HIGH

Published: 2026-04-03 · Last updated: 2026-05-26

Severity and scoring

CVSS: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-178

Affected products

Vendor: fka
Product: prompts.chat

Description

prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit non-deterministic username resolution to impersonate victim accounts, replace profile content on canonical URLs, and inject attacker-controlled metadata and content across the platform.

Source: NVD

Related CVEs

Same vendor

  • CVE-2026-22664 prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that... (7.7 HIGH)
  • CVE-2026-22661 prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitr... (8.1 HIGH)

Same CWE

  • CVE-2026-53721 Nuxt is an open-source web development framework for Vue.js (8.2 HIGH)
  • CVE-2026-45062 FrankenPHP is a modern application server for PHP (8.1 HIGH)
  • CVE-2026-47346 Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypa...
  • CVE-2026-46392 HAX CMS helps manage microsite universe with PHP or NodeJs backends (8.7 HIGH)
  • CVE-2026-8404 An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6 (3.1 LOW)