CVE-2026-25729 – DeepAudit Affected by User Enumeration via Broken Access Control

CVE ID : CVE-2026-25729

Published : Feb. 6, 2026, 8:30 p.m. | 48 minutes ago

Description : DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresses, phone numbers, full names, and role information.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…