Auth bypass in On24 Q&a Chat

CVE-2026-3321

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obt…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.001 (31.1th percentile) — read the EPSS interpretation.