High severity8.1NVD Advisory· Published May 14, 2026· Updated May 15, 2026
CVE-2026-44633
CVE-2026-44633
Description
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can change the chat hash and status and then access or tamper with the chat through visitor/widget paths. The same write primitive can set operation_admin, which is later emitted as operator-side JavaScript.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 4.84v
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.