prompts.chat prior to commit 1464475 contains an identity...
High severity
Unreviewed
Published
Apr 3, 2026
to the GitHub Advisory Database
•
Updated Apr 3, 2026
Description
Published by the National Vulnerability Database
Apr 3, 2026
Published to the GitHub Advisory Database
Apr 3, 2026
Last updated
Apr 3, 2026
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit non-deterministic username resolution to impersonate victim accounts, replace profile content on canonical URLs, and inject attacker-controlled metadata and content across the platform.
References