CVE-2026-44707— Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts
Possible ATT&CK Techniques 1AI
T1078.004 · Cloud AccountsGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44707
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts
Source: NVD (National Vulnerability Database)
Vulnerability Description
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not own and set a password. If the legitimate owner of that email later signed in to Chatwoot using Google OAuth (or another OmniAuth provider), the OAuth flow silently confirmed the existing account without invalidating the attacker's pre-set credentials. The attacker could then continue to log in with the password they had originally chosen and access any data the victim subsequently entered into the dashboard, including PII, API keys, and other sensitive information. This vulnerability is fixed in 4.13.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经验证的属主
Source: NVD (National Vulnerability Database)
Vulnerability Title
Chatwoot 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Chatwoot是Chatwoot开源的一个应用软件。客户参与套件,对讲、Zendesk、Salesforce 服务云等的开源替代方案。 Chatwoot 2.14.0版本至4.13.0之前版本存在授权问题漏洞,该漏洞源于认证流程中未强制邮箱确认,可能导致预账户接管。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-44707
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44707
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-44707 (2)
Vendor Advisories for CVE-2026-44707 (1)
IV. Related Vulnerabilities
Same product: chatwoot
- CVE-2026-44706
Chatwoot: SQL Injection in Conversation/Contact Filter API v - CVE-2026-5205
chatwoot Webhook API trigger.rb Trigger server-side request - CVE-2026-4990
chatwoot Signup Endpoint login improper authorization - CVE-2025-12246
chatwoot Admin IframeLoader.vue cross site scripting - CVE-2025-12245
chatwoot Widget IFrameHelper.js initPostMessageCommunication
Same vendor: chatwoot
- CVE-2026-44706
Chatwoot: SQL Injection in Conversation/Contact Filter API v - CVE-2024-0640
Stored XSS in chatwoot/chatwoot - CVE-2025-21628
Chatwoot has a Blind SQL-injection in Conversation and Conta - CVE-2021-3740
Session Fixation in chatwoot/chatwoot - CVE-2021-3742
Server-Side Request Forgery (SSRF) in chatwoot/chatwoot
Same weakness: CWE-283
- CVE-2026-40337
Sentry kernel has incomplete ownership check for IRQ line ma - CVE-2026-29788
TSPortal: Anyone can forge self-deletion requests of any use - CVE-2026-27486
OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL - CVE-2026-0598
Ansible-lightspeed: broken object level authorization leadin - CVE-2025-12815
Amazon Web Services Research and Engineering Studio 安全漏洞
V. Comments for CVE-2026-44707
No comments yet