CVE-2026-49433: DeepAI CSRF Vulnerability Enables Account Takeover
DeepAI's email change endpoint lacks CSRF (Cross-Site Request Forgery) protection, allowing attackers to hijack user accounts. An attacker who tricks a logged-in user into visiting a malicious link can silently change that user's email address, potentially locking the legitimate owner out and enabling account takeover. The vulnerability was patched on May 20, 2026.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.0 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
- Weaknesses (CWE)
- CWE-352
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-01 / 2026-06-17
NVD description (verbatim)
The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacker can change the user's email address and take over their account. Fixed on 2026-05-20.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The endpoint 'https://api.deepai.org/change_user_email' processes POST requests without CSRF tokens or similar anti-forgery mechanisms. When a user visits a hostile website while authenticated to DeepAI, JavaScript or form submissions can forge a request to change the registered email to an attacker-controlled address. Because the endpoint trusts the user's existing session cookies, the request succeeds. This is classified as CWE-352 (Cross-Site Request Forgery).
Business impact
Account takeover of DeepAI users poses immediate business risk: attackers gain access to stored API keys, previous queries, billing information, and any integrated services. Users may lose ability to recover their accounts if the email is changed to an attacker-controlled domain. For enterprises using DeepAI's services, compromised accounts could leak proprietary prompts, training data, or integration configurations. Reputational harm and potential regulatory notification obligations (depending on jurisdiction) add secondary costs.
Affected systems
DeepAI's user account management system is affected. The vulnerability applies to all users with active sessions who visit untrusted web content while logged into DeepAI. Organizations embedding DeepAI APIs via browser-based clients are at higher risk than server-to-server integrations, where session cookies are typically not automatically sent.
Exploitability
Exploitability requires user interaction (CWE-352 inherently requires social engineering). An attacker must craft a link or web page that lures a logged-in DeepAI user to click or visit. No specialized tools or advanced techniques are needed once a user is redirected; the forged request executes with the user's authenticated session. The barrier to entry is moderate—attackers need only basic web development skills. CVSS score of 5.0 (MEDIUM, vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) reflects the user-interaction requirement and limited impact scope.
Remediation
DeepAI patched this vulnerability on May 20, 2026. Verify that your DeepAI integration runs the patched version (check the vendor advisory for specific version numbers). Implementation should include CSRF tokens on all state-changing endpoints, same-site cookie attributes (SameSite=Strict or Lax), and server-side validation of origin/referer headers. Users should also enable multi-factor authentication if available to add a second layer of account security.
Patch guidance
Coordinate with DeepAI to confirm which version or deployment includes the fix released on 2026-05-20. If you operate a self-hosted or containerized instance of DeepAI services, rebuild and redeploy with the patched release. For cloud-based SaaS users, verify that your account has auto-updated or manually trigger an update if available. Test that the email-change endpoint now rejects forged requests and that legitimate email changes still function. Document the patch date in your compliance records.
Detection guidance
Monitor for suspicious email-change requests: unusual POST activity to 'https://api.deepai.org/change_user_email' from unexpected geographic locations or user-agents, especially if correlated with user complaints about account access loss. Implement SIEM rules to flag email-change events followed quickly by password-reset attempts. Log all CSRF token validation failures. Advise users to review their account activity logs and enable email change notifications if the service provides them.
Why prioritize this
Although the CVSS score is MEDIUM (5.0), prioritize patching because account takeover is a business-critical outcome and the user-interaction requirement is easily satisfied via phishing or malicious ads. The vulnerability became public on June 1, 2026, increasing exploit visibility. Organizations with high-value DeepAI users (researchers, developers handling sensitive data) should patch within days rather than weeks. The absence of KEV (Known Exploited Vulnerability) status does not negate the practical risk.
Risk score, explained
CVSS 5.0 reflects a network-accessible vulnerability requiring user interaction, with limited confidentiality and integrity impact scoped to a single user's account. The vector (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) indicates high attack complexity (AC:H) due to the need for social engineering, and no change in privilege or scope. However, real-world impact—account takeover—exceeds the numerical score's implications; prioritize based on business context rather than the score alone.
Frequently asked questions
Can this vulnerability be exploited without user interaction?
No. CWE-352 by definition requires an attacker to trick a logged-in user into visiting a malicious page or clicking a link. The endpoint itself does not validate CSRF tokens, but the exploit chain requires social engineering.
Does multi-factor authentication prevent this attack?
MFA does not directly prevent email change via CSRF, because the forged request uses the victim's existing authenticated session. However, if an attacker changes the email and attempts a password reset, MFA on the new email could catch the takeover. Enable MFA as a defense-in-depth measure.
What should I do if I suspect my account was compromised via this vulnerability?
Immediately change your password from a secure device, review your account activity and API keys (revoke any unauthorized ones), and contact DeepAI support to confirm your email address. If you used the same password elsewhere, change it on those accounts too.
Does this affect server-to-server API integrations?
Server-to-server integrations using API keys or OAuth tokens are not directly vulnerable, because they do not rely on browser session cookies. However, if your integration includes a web UI for account management, users accessing that UI are at risk until patched.
This analysis is provided for informational purposes and should not be construed as legal or compliance advice. Organizations are responsible for assessing their own exposure and implementing patches according to their change management processes. SEC.co makes no warranty regarding the accuracy or completeness of this information. Always verify patch details against official vendor advisories and test in non-production environments before deployment. The vulnerability data reflects information available as of the published date; refer to official sources for updates. Source: NVD (public-domain), retrieved 2026-07-08. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25397MEDIUMCSRF Vulnerability in PHP-SHOP 1.0 – Admin Account Injection
- CVE-2018-25435MEDIUMZeusCart 4.0 CSRF Vulnerability – Account Deactivation Risk
- CVE-2026-11020MEDIUMChrome Extension XML Cross-Origin Data Leak – Patch to 149.0.7827.53
- CVE-2026-34460MEDIUMNamelessMC OAuth State Validation Flaw Enables Session Hijacking
- CVE-2026-4071MEDIUMBirdSeed WordPress Plugin CSRF Vulnerability – Patch & Detection Guide
- CVE-2026-42073MEDIUMOpenClaude OAuth State Validation Bypass Denial of Service
- CVE-2026-45610MEDIUMWWBN AVideo 2FA CSRF Vulnerability – Cross-Site Account Takeover Risk