Potential security issue: unrestricted access to hidden models and unlimited API use via frontend tokens #103

@Akzestia

Hi Z.ai team 👋

While experimenting with the web client, I noticed a possible security issue related to how frontend tokens and API requests are handled.
I didn’t find a dedicated security reporting channel, so I’m posting here to make sure it gets to the right people.

Summary

It appears that frontend session tokens issued to the browser can be reused from scripted environments to access API endpoints and models that are not exposed through the official web interface. This effectively allows:

  1. Generating or rotating large numbers of session tokens automatically (for example, using Puppeteer).
  2. Reconstructing valid chat/completions requests by inspecting browser traffic (Burp Suite helped confirm which fields are validated).
  3. Reusing or rotating these tokens to make high-volume or unrestricted requests.
  4. Calling internal models that are not listed in the public UI.

Below are examples of model entries that appear accessible but are not shown on the website (redacted identifiers for security):

{
  "id": "redacted-1",
  "name": "任务专用",
  "capabilities": { ... }
},
{
  "id": "redacted-2",
  "name": "----B-DR",
  "capabilities": { ... }
}

Potential impact

  • Access to internal or restricted models.
  • Unlimited API usage by rotating frontend tokens.
  • Possible abuse of rate-limited or paid backend services.

My intent

I’m reporting this in good faith so it can be fixed quickly.
No data was exfiltrated or used beyond confirming the behavior.
I’m happy to share technical details privately if needed.

Thanks for your time!
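
A server-side gate for the two conditions the report describes (frontend tokens reaching models the UI does not list, and quota reset by token rotation), as an added example that is not part of the original issue and not Z.ai's code. The model ids, limits, and the `client_key` (a stable identity such as an account id or network address) are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

# All values below are hypothetical, constructed for this example.
UI_MODELS = {"public-chat-1", "public-chat-2"}  # models the web UI actually lists
WINDOW_S = 60        # sliding window length in seconds
MAX_REQUESTS = 20    # per client per window, shared across all of its tokens
MAX_TOKENS = 3       # distinct frontend tokens one client may use per window


class FrontendGate:
    """Authorize frontend-token requests by stable client identity, not by token."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._requests = defaultdict(deque)  # client_key -> request timestamps
        self._tokens = defaultdict(dict)     # client_key -> {token: last_seen}

    def _prune(self, client_key, t):
        q = self._requests[client_key]
        while q and t - q[0] >= WINDOW_S:
            q.popleft()
        toks = self._tokens[client_key]
        for tok in [k for k, seen in toks.items() if t - seen >= WINDOW_S]:
            del toks[tok]

    def check(self, client_key, token, model_id):
        """Return (allowed, reason) for one chat/completions request."""
        t = self._now()
        self._prune(client_key, t)
        # The allowlist is enforced on the server; hiding a model in the UI is not a control.
        if model_id not in UI_MODELS:
            return False, "model_not_allowed"
        toks = self._tokens[client_key]
        # A new token does not buy a new budget, and heavy rotation is itself refused.
        if token not in toks and len(toks) >= MAX_TOKENS:
            return False, "token_rotation"
        toks[token] = t
        q = self._requests[client_key]
        if len(q) >= MAX_REQUESTS:
            return False, "rate_limited"
        q.append(t)
        return True, "ok"
```

The refusal reasons double as detection signals: a burst of `token_rotation` or `model_not_allowed` results from one client is worth alerting on.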
