CVE-2026-22665
HIGHprompts.chat Identity Confusion via Case-Sensitive Username Handling
Title source: cnaDescription
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit non-deterministic username resolution to impersonate victim accounts, replace profile content on canonical URLs, and inject attacker-controlled metadata and content across the platform.
Scores
CVSS v3
8.1
EPSS
0.0003
EPSS Percentile
9.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-178
Status
published
Products (2)
f/prompts.chat
< 1464475df2698fb7ccd0cdbc382b0750466f891d
fka/prompts.chat
< 2026-03-24
Published
Apr 03, 2026
Tracked Since
Apr 04, 2026