CVE-2026-44633 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: May 14, 2026
Live Helper Chat - Broken Access Control
Published: May 14, 2026 | Updated: May 14, 2026 | Remote Exploitable
Overview
Live Helper Chat 4.84v contains a broken access control vulnerability caused by insufficient permission checks in the REST API chat update endpoint. REST users with the lhchat/use permission can update chats in departments they are not authorized for and execute operator-side JavaScript. Exploitation requires REST user privileges.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can modify chat data, access unauthorized chats, and execute JavaScript on the operator side, leading to data tampering and client-side script execution.
Mitigation
Update to the latest version with proper permission checks on the chat update endpoint.
Details
- CVE ID: CVE-2026-44633
- Severity: High
- CVSS Score: 8.1
- Type: broken_access_control
- Status: new
CWE
- CWE-863
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N