Primary

Context

1millionbot Millie Chatbot Prompt Injection Vulnerability

Vulnerability

A prompt injection vulnerability has been identified in the 1millionbot Millie chatbot, affecting versions prior to 3.6.0. This vulnerability allows users to bypass chat restrictions using Boolean prompt injection techniques. By crafting questions that manipulate the chatbot's response, an attacker can extract prohibited information or execute out-of-context tasks using the chatbot's resources and OpenAI's API key. This exploitation evades the safeguards implemented during the chatbot's training, enabling access to restricted responses or behaviors.

Impact

Exploitation of this vulnerability could lead to unauthorized access to restricted information and the ability to manipulate the chatbot's responses and actions, potentially misusing 1millionbot's resources and OpenAI's API key.

Remediation

Users can upgrade to version 3.6.0 or later to address this vulnerability.

Added: Mar 31, 2026, 11:18 AM

Updated: Mar 31, 2026, 11:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

5.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

5.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

1millionbot Millie Chatbot Prompt Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating