CVE-2026-23875: Unauthorized Users Can Poison CrawlChat’s Knowledge Base via Authorization Bypass

Aegiron 8 mins0

Vulnerability Overview

CVE: CVE-2026-23875
Name: CrawlChat Authorization Bypass / Knowledge-Base Poisoning
Severity: Medium
CVSS Score: ~5.7 (Moderate risk level)
Exploitability: No widely known weaponized exploit publicly available, but the flaw is easily reproducible where permission checks are missing.
Affected Component: CrawlChat Discord bot (prior to v0.0.8)

What the Vulnerability Is

CrawlChat is a Discord bot that allows users to save messages into a searchable knowledge base, which the bot later uses to answer questions.

The intended workflow was:

  1. A moderator reacts to a Discord message with a predefined emoji.
  2. The bot detects the reaction.
  3. The bot verifies that the user who reacted has sufficient permissions.
  4. If authorized, the bot saves the message into a collection.

What went wrong:
The bot did not properly verify the permissions of the user who reacted. As a result, any regular user could trigger the save action simply by reacting with the configured emoji. The bot would then store that content in the knowledge base without validating the user’s role.

This allows unauthorized users to insert arbitrary content into the bot’s stored knowledge, resulting in knowledge-base poisoning.

Real-World Impact

Because the knowledge base directly influences the bot’s responses:

  • Users may receive incorrect, misleading, or manipulated information.
  • Poisoned entries can include malicious links, deceptive instructions, or unapproved content.
  • If CrawlChat is integrated with other systems (such as web interfaces or automation tools), poisoned data may propagate beyond Discord.

This issue does not provide direct server compromise, but it significantly impacts data integrity and trust in the system.

How the Vulnerability Could Be Abused

From a defensive and educational perspective, misuse would involve:

  • A low-privilege user posting crafted content in a Discord channel.
  • The same user reacting to that content with the save emoji.
  • The bot storing the content without verifying authorization.
  • Future users receiving poisoned responses generated from that stored data.

This is a logic-level authorization failure rather than a traditional exploit such as code injection.

Official Patch / Upgrade

The issue is resolved by enforcing permission checks before saving content.

Official patch and upgrade link:
https://github.com/crawlchat/crawlchat/releases/tag/v0.0.8

All installations should be upgraded to version 0.0.8 or later.

How to Detect Abuse or Exploitation Attempts

Detection focuses on identifying unauthorized save actions and suspicious knowledge entries.

1. Monitor Save Events and User Roles

Ensure logs capture the following fields:

  • Timestamp of the save event
  • User who initiated the save
  • User role or permissions at the time of the action
  • Original message content
  • Message author (if different from the save initiator)

Any save event triggered by a non-moderator or non-admin user should be reviewed.

2. Identify Unusual Save Patterns

Look for indicators such as:

  • Knowledge entries created by regular members.
  • Multiple save actions from the same low-privilege account.
  • Saves occurring outside normal moderation activity.
  • Content that differs significantly from typical documentation tone or structure.

Detection Rules

These examples are intended for security monitoring and defensive analysis only.

Rule 1: Unauthorized Knowledge Save

Trigger an alert when a knowledge save is performed by a user without elevated privileges.

rule: CrawlChat Unauthorized Knowledge Save
condition:
  event_type == "crawlchat_collection_save"
  AND user_role NOT IN ("admin", "moderator", "trusted")
action:
  raise alert "Knowledge base entry created by non-authorized user"

This rule assumes that user roles are captured in logs and can be correlated with the save event.

Rule 2: Suspicious Content Saved

Detect potentially harmful or unexpected content being added to the knowledge base.

rule: CrawlChat Suspicious Knowledge Content
condition:
  event_type == "crawlchat_collection_save"
  AND (
       saved_message CONTAINS "http"
    OR saved_message CONTAINS "https"
    OR saved_message CONTAINS "base64"
    OR saved_message CONTAINS "eval("
  )
action:
  raise alert "Suspicious content added to CrawlChat knowledge base"

This rule helps identify poisoning attempts that rely on external links or technical payloads.

Relevant Log Sources

To properly monitor and investigate this vulnerability, collect logs from:

  • CrawlChat application logs (reaction handling and save operations)
  • Discord audit and gateway logs (user roles, reactions)
  • Knowledge base or collection database logs
  • SIEM correlation logs
  • Webhook or integration logs, if applicable

Recommended Security Practices

  • Always validate permissions server-side before saving or modifying data.
  • Log both the action and the actor’s role at the time of execution.
  • Implement alerts for unexpected knowledge changes.
  • Periodically audit stored knowledge entries.
  • Treat AI knowledge bases as sensitive assets that require integrity controls.

Final Takeaway

CVE-2026-23875 is an authorization bypass in CrawlChat that allows unauthorized users to save content into the bot’s knowledge base. This can lead to knowledge-base poisoning and unreliable responses. The issue is resolved by upgrading to version 0.0.8 or later. Organizations should monitor save events, validate user roles, and audit stored content to detect or prevent abuse.

Aegiron

Backed by 11+ years in cybersecurity and incident response, we decode the latest threats shaping today’s digital battlefield. This blog cuts through the noise with clear insights on vulnerabilities, emerging exploits, and the cyber news defenders can’t afford to miss.