FeedVulnerabilityZero-Auth Flaw Exposes DoD Contractor to Cross-Tenant Data A...
VulnerabilityCyber Security News
9.5CRITICAL

Zero-Auth Flaw Exposes DoD Contractor to Cross-Tenant Data Access

📅 6 May 2026 at 11:49 UTC📰 Cyber Security NewsView original source ↗
Zero-Auth Flaw Exposes DoD Contractor to Cross-Tenant Data Access

A severe zero-authorization vulnerability in Schemata’s API, an AI-powered virtual training platform holding active Department of Defense (DoD) contracts, recently exposed highly sensitive military training materials and U.S. service member records. Discovered by the open-source AI hacking agent Strix, the flaw allowed ordinary, low-privileged accounts to access cross-tenant data across the entire platform. The vulnerability […] The post Zero-Auth Flaw Exposes DoD Contractor to Cross-Tenant Data Access appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview

A zero-authorization vulnerability in Schemata's API exposed DoD contractor access to cross-tenant data, including sensitive military training materials and U.S. service member records.

⚙️Technical Details
Affected Systems
Schemata's AI-powered virtual training platform
Attack Vectors
Zero-authorization vulnerability in API
💥Impact Assessment
Severity: critical
🛡️Recommended Actions
1Implement strict access controls for API access
2Conduct thorough security audits and penetration testing
3Enforce multi-factor authentication for all users
📦Affected Products
Schemata's AI-powered virtual training platform

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News
← Back to feed