Description
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An attacker who knows a chat session UUID can kill another user's LLM generation mid-stream. This issue has been patched in versions 3.0.9, 3.1.6, and 3.2.6.
Published: 2026-05-08
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Insecure Direct Object Reference (CWE-639, Authorization Bypass Through User-Controlled Key) in the POST /chat/stop-chat-session/{chat_session_id} endpoint. The handler authenticates the caller but never checks that the chat_session_id belongs to that caller, so any authenticated user who supplies another user's chat session UUID can abort that session's in-progress LLM generation. The impact is a truncated or incomplete response for the targeted user, which degrades the service and can disrupt workflows that depend on it. Confidentiality and integrity are not affected (CVSS C:N/I:N); the flaw is a missing ownership check on a control action, not a privilege escalation or a data-exposure issue.

Affected Systems

The affected product is the Onyx open-source AI platform (vendor onyx-dot-app, product Onyx). Per the advisory, all versions prior to 3.0.9 on the 3.0 line, 3.1.0 through 3.1.5, and 3.2.0 through 3.2.5 are affected. The fix ships in 3.0.9, 3.1.6, and 3.2.6.

Risk and Exploitability

The CVSS v3.1 base score is 4.3 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L: reachable over the network, low attack complexity, requires a low-privilege account, no user interaction, and an availability impact only. EPSS is below 1% (very low), and the CVE is not listed in the CISA KEV catalog; the SSVC record marks exploitation as "poc", technical impact as "partial", and the attack as not automatable. Exploitation needs only an authenticated account (self-registered, internal, or compromised) plus the target's chat session UUID; because the endpoint performs no ownership check, there is nothing else to defeat. Random UUIDs are not practically guessable, so the attacker has to learn them some other way (a shared link, a log entry, browser history), which is what limits the blast radius. Once an attacker holds one or more session IDs, the request is cheap to repeat, so every generation on those sessions can be stopped as soon as it starts.

Generated by OpenCVE AI on May 8, 2026 at 06:22 UTC.

Remediation

Fixed by the vendor in Onyx 3.0.9, 3.1.6, and 3.2.6 (see the description above). No separate workaround is published.

OpenCVE Recommended Actions

  • Upgrade to Onyx 3.0.9, 3.1.6, or 3.2.6 (whichever matches your release line) as soon as possible.
  • If an upgrade is not immediately possible, patch the /chat/stop-chat-session/{chat_session_id} handler locally so that it loads the session scoped to the authenticated caller and rejects the request when the session does not exist or belongs to another user; returning the same 404 in both cases avoids letting the endpoint confirm which session UUIDs exist.
  • Log every stop-session request with the caller, the session ID, and the outcome, and alert on callers that accumulate rejected attempts or that stop sessions they did not create, since that is the signature of someone probing with harvested UUIDs.
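The ownership check and the logging described in the two bullets above, as an added example that is not Onyx's code: an in-memory stand-in for the session store with the vulnerable lookup (keyed only on the user-supplied UUID) beside the caller-scoped one, an audit entry per request, and a per-caller denial counter that feeds the alerting. The class and field names (StopSessionService, stop_requested, owner_id), the choice of 404 for both the missing and the foreign session, and the sample users are assumptions.

```python
"""Added example (not Onyx code): the missing ownership check behind CVE-2026-42276,
modelled on an in-memory session store. Names and the 404 choice are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Any, Dict, Hashable, List, Set
import uuid


class NotFound(Exception):
    """Stand-in for an HTTP 404 response."""


@dataclass
class ChatSession:
    session_id: uuid.UUID
    owner_id: Hashable            # the authenticated user who created the session
    stop_requested: bool = False  # flag a streaming worker would poll to abort generation


class StopSessionService:
    """Sessions plus an audit log and a sliding-window denial counter per caller."""

    def __init__(self, alert_threshold: int = 3, window_seconds: float = 60.0):
        self.sessions: Dict[uuid.UUID, ChatSession] = {}
        self.audit_log: List[Dict[str, Any]] = []
        self._denials: Dict[Hashable, deque] = defaultdict(deque)
        self.alert_threshold = alert_threshold
        self.window_seconds = window_seconds

    def create_session(self, owner_id: Hashable) -> ChatSession:
        session = ChatSession(session_id=uuid.uuid4(), owner_id=owner_id)
        self.sessions[session.session_id] = session
        return session

    # Vulnerable shape: authentication already happened upstream (caller_id is
    # trusted), but the lookup is keyed only on the user-supplied UUID, so the
    # caller is never compared with the session owner (CWE-639).
    def stop_vulnerable(self, session_id: uuid.UUID, caller_id: Hashable) -> bool:
        session = self.sessions.get(session_id)
        if session is None:
            raise NotFound()
        session.stop_requested = True
        return True

    # Fixed shape: the lookup is scoped to the caller, every request is logged,
    # and a missing session and a foreign session produce the same 404 so the
    # endpoint cannot be used to confirm which UUIDs exist.
    def stop_fixed(self, session_id: uuid.UUID, caller_id: Hashable, now: float = 0.0) -> bool:
        session = self.sessions.get(session_id)
        allowed = session is not None and session.owner_id == caller_id
        self.audit_log.append({"ts": now, "caller": caller_id,
                               "session": str(session_id), "allowed": allowed})
        if not allowed:
            self._record_denial(caller_id, now)
            raise NotFound()
        session.stop_requested = True
        return True

    def _record_denial(self, caller_id: Hashable, now: float) -> None:
        window = self._denials[caller_id]
        window.append(now)
        while window and now - window[0] > self.window_seconds:
            window.popleft()

    def suspicious_callers(self) -> Set[Hashable]:
        """Callers with at least alert_threshold denied attempts inside the window."""
        return {c for c, w in self._denials.items() if len(w) >= self.alert_threshold}


def demo() -> Dict[str, Any]:
    """Constructed scenario: alice owns the sessions, mallory tries to stop them."""
    svc = StopSessionService()
    victim = svc.create_session("alice")
    stranger_ok = svc.stop_vulnerable(victim.session_id, "mallory")

    target = svc.create_session("alice")
    denied = 0
    for t in (1.0, 2.0, 3.0):  # three attempts inside the 60 s window
        try:
            svc.stop_fixed(target.session_id, "mallory", now=t)
        except NotFound:
            denied += 1
    still_running = not target.stop_requested
    owner_ok = svc.stop_fixed(target.session_id, "alice", now=4.0)
    return {
        "vulnerable_stopped_by_stranger": stranger_ok and victim.stop_requested,
        "fixed_denials": denied,
        "still_running_after_attacks": still_running,
        "fixed_stopped_by_owner": owner_ok and target.stop_requested,
        "flagged": sorted(svc.suspicious_callers()),
        "audit_entries": len(svc.audit_log),
    }
```

The detector deliberately counts denials rather than stops: a legitimate user stopping their own generation repeatedly is normal, whereas three 404s on stop-session from one account inside a minute means that account is presenting session IDs it does not own.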

Generated by OpenCVE AI on May 8, 2026 at 06:22 UTC.

Advisories

No advisories yet.

History

Fri, 08 May 2026 13:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 08 May 2026 05:00:00 +0000

Type         Values Removed   Values Added
Description                   Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An attacker who knows a chat session UUID can kill another user's LLM generation mid-stream. This issue has been patched in versions 3.0.9, 3.1.6, and 3.2.6.
Title                         Onyx: IDOR in /chat/stop-chat-session allows any authenticated user to interrupt other users chat sessions
Weaknesses                    CWE-639
References
Metrics                       cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T12:57:18.681Z

Reserved: 2026-04-26T11:53:27.708Z

Link: CVE-2026-42276

Vulnrichment

Updated: 2026-05-08T12:57:15.220Z

NVD

Status : Awaiting Analysis

Published: 2026-05-08T05:16:10.557

Modified: 2026-05-08T16:02:14.343

Link: CVE-2026-42276

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T06:30:46Z

Weaknesses