Auth bypass in Hijiffy Chatbot

CVE-2026-4263

Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter  'visitor' in '/api/v1/webchat/message'.

Vulnerability class: Broken Access Control

EPSS: 0.001 (19.3th percentile) — read the EPSS interpretation.