Description
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques (formulating a question in such a way that, upon receiving an affirmative response ('true'), the model executes the injected instruction), causing it to return prohibited information and information outside its intended context. Successful exploitation of this vulnerability could allow a malicious remote attacker to abuse the service for purposes other than those originally intended, or even execute out-of-context tasks using 1millionbot's resources and/or OpenAI's API key. This allows the attacker to evade the containment mechanisms implemented during LLM model training and obtain responses or chat behaviors that were originally restricted.
Published: 2026-03-31
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Unintended Information Disclosure and Service Abuse
Action: Apply Patch
AI Analysis

Impact

A prompt injection vulnerability exists in the 1millionbot Millie chatbot. The flaw allows a user to craft Boolean prompt injections that cause the model to produce an affirmative response and then execute an injected instruction. This bypasses the chatbot’s containment mechanisms, enabling an attacker to obtain restricted or prohibited information and to perform tasks outside the intended scope.

Affected Systems

The vulnerability affects all instances of 1millionbot Millie chatbot running versions earlier than 3.6.0. Public examples include any deployments of 1millionbot:Millie chat or Millie chatbot that have not applied the 3.6.0 update.

Risk and Exploitability

The flaw has a CVSS score of 8.7, indicating high severity. The EPSS score is below 1 %, suggesting low likelihood of widespread exploitation, and it is not listed in CISA’s KEV catalog. Attackers can exploit it remotely via the public chat interface by sending specially crafted Boolean queries, requiring no privileged access. Given the high severity, organizations should prioritize applying the vendor’s patch.

Generated by OpenCVE AI on April 13, 2026 at 15:09 UTC.

Remediation

Vendor Solution

The vulnerabilities have been fixed by 1millionbot team in version 3.6.0.

OpenCVE Recommended Actions

  • Apply the 1millionbot update to version 3.6.0 or newer to eliminate the prompt injection vulnerability.

Generated by OpenCVE AI on April 13, 2026 at 15:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared 1millionbot millie Chatbot
Weaknesses CWE-77
CPEs cpe:2.3:a:1millionbot:millie_chatbot:*:*:*:*:*:*:*:*
Vendors & Products 1millionbot millie Chatbot
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Tue, 31 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques (formulating a question in such a way that, upon receiving an affirmative response ('true'), the model executes the injected instruction), causing it to return prohibited information and information outside its intended context. Successful exploitation of this vulnerability could allow a malicious remote attacker to abuse the service for purposes other than those originally intended, or even execute out-of-context tasks using 1millionbot's resources and/or OpenAI's API key. This allows the attacker to evade the containment mechanisms implemented during LLM model training and obtain responses or chat behaviors that were originally restricted.
Title Multiple vulnerabilities in 1millionbot Millie chatbot
First Time appeared 1millionbot
1millionbot millie Chat
Weaknesses CWE-1427
CPEs cpe:2.3:a:1millionbot:millie_chat:3.6.0:*:*:*:*:*:*:*
Vendors & Products 1millionbot
1millionbot millie Chat
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

1millionbot Millie Chat Millie Chatbot
cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2026-03-31T13:31:06.385Z

Reserved: 2026-03-18T17:18:15.620Z

Link: CVE-2026-4399

cve-icon Vulnrichment

Updated: 2026-03-31T13:31:02.236Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T11:16:14.103

Modified: 2026-04-13T13:14:31.140

Link: CVE-2026-4399

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:42:26Z

Weaknesses