DeepAI Change User Email Endpoint Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the DeepAI endpoint 'https://api.deepai.org/change_user_email'. This endpoint accepts POST requests without any CSRF protection. As a result, an attacker could trick a logged-in user into clicking a malicious link, which causes the user's browser to submit a forged request that changes the user's email address and lets the attacker take over the account.

Impact

Exploitation of this vulnerability allows for account takeover by changing the user's email address.

Remediation

Users are advised to update to the version released on 2026-05-20, which addresses this vulnerability.
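
For operators of similar state-changing endpoints, the following added example (not DeepAI's code and not taken from this advisory) shows the kind of server-side check a change-email handler needs: an Origin/Referer allow-list plus a CSRF token bound to the session. The trusted origin, the X-CSRF-Token header name, the key handling and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for illustration only (none of these come from the advisory).
TRUSTED_ORIGINS = {"https://app.example"}  # hypothetical first-party front end
SECRET_KEY = secrets.token_bytes(32)       # per-deployment signing key


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token handed to the first-party page; bound to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: str, token) -> bool:
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def origin_is_trusted(headers: dict) -> bool:
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sends neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" in TRUSTED_ORIGINS


def handle_change_email(method: str, headers: dict, session_id, form: dict) -> int:
    """Return the HTTP status a change-email request should receive."""
    if method != "POST":
        return 405
    if not session_id:
        return 401  # no authenticated session
    if not origin_is_trusted(headers):
        return 403  # request was initiated from another site
    if not token_is_valid(session_id, headers.get("X-CSRF-Token")):
        return 403  # the session cookie alone is not proof of intent
    # The email update would run here, ideally after re-authentication.
    return 200
```

The session cookie is attached automatically to a cross-site request, so only the token and origin checks distinguish a forged request from a genuine one.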

Added: Jun 1, 2026, 9:19 PM
Updated: Jun 1, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.6
remediation: 0.0
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.