Description
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file belongs to them. An attacker who knows or obtains a file UUID can access confidential documents, chat attachments, and other files uploaded by any user in the system. This issue has been patched in versions 3.0.9, 3.1.6, and 3.2.6.
Published: 2026-05-08
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows any authenticated user to download any other user’s uploaded files by requesting the file UUID through the GET /chat/file/{file_id} endpoint. The request only verifies the caller is authenticated but never checks that the file belongs to the caller, enabling a classic IDOR that can expose sensitive documents and chat attachments.

Affected Systems

The issue affects the Onyx open-source AI platform produced by onyx-dot-app. Versions prior to 3.0.9, 3.1.6 and 3.2.6 are vulnerable, including all 3.0.x releases up to 3.0.8, all 3.1.x releases up to 3.1.5 and all 3.2.x releases up to 3.2.5.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, but the lack of an ownership check means an authenticated user who knows or discovers a file UUID can download any file. This makes exploitation straightforward in environments where file identifiers are shared or guessable, allowing attackers to read confidential data.

Generated by OpenCVE AI on May 8, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to Onyx 3.0.9, 3.1.6, 3.2.6 or later, which add the missing ownership check
  • If an upgrade is not possible, restrict the /chat/file endpoint so only the original uploader can download the file
  • Monitor authentication sessions for unusual requests to /chat/file with unfamiliar file IDs
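The missing check described in the Description and the restriction recommended above, as an added illustration (not Onyx's code): the in-memory store, user ids, UUIDs and HttpError are constructed stand-ins for a real framework's ORM and exception types.

```python
# Added illustration of the CVE-2026-42277 pattern (not Onyx's code): an
# authenticated download handler without an ownership check, beside a fixed one.
from dataclasses import dataclass
from typing import Optional
from uuid import UUID

class HttpError(Exception):
    """Stand-in for a web framework's HTTP exception."""
    def __init__(self, status: int) -> None:
        super().__init__(status)
        self.status = status

@dataclass(frozen=True)
class ChatFile:
    file_id: UUID
    owner_id: int  # the uploader; the fix compares against this stored value
    content: bytes

# Constructed sample data: two users, one uploaded file each.
ALICE, BOB = 1, 2
ALICE_FILE = UUID("00000000-0000-4000-8000-000000000001")
BOB_FILE = UUID("00000000-0000-4000-8000-000000000002")
FILES = {
    ALICE_FILE: ChatFile(ALICE_FILE, ALICE, b"alice-confidential.pdf"),
    BOB_FILE: ChatFile(BOB_FILE, BOB, b"bob-notes.txt"),
}

def _require_auth(current_user: Optional[int]) -> int:
    if current_user is None:
        raise HttpError(401)  # anonymous callers are rejected in both versions
    return current_user

def download_vulnerable(current_user: Optional[int], file_id: UUID) -> bytes:
    """Pre-fix behaviour: only authentication is checked, so any logged-in
    user who knows a UUID receives the file (CWE-639 / IDOR)."""
    _require_auth(current_user)
    f = FILES.get(file_id)
    if f is None:
        raise HttpError(404)
    return f.content

def download_fixed(current_user: Optional[int], file_id: UUID) -> bytes:
    """Hardened: the stored owner_id must equal the caller's id. A file owned
    by someone else gets the same 404 as a missing one, so the endpoint does
    not confirm that a guessed UUID exists."""
    uid = _require_auth(current_user)
    f = FILES.get(file_id)
    if f is None or f.owner_id != uid:
        raise HttpError(404)
    return f.content
```

The ownership comparison must use the owner recorded with the file, never a user id supplied in the request.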


Tracking


Advisories

No advisories yet.

History

Fri, 08 May 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 08 May 2026 05:00:00 +0000

Type | Values Removed | Values Added
Description | | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file belongs to them. An attacker who knows or obtains a file UUID can access confidential documents, chat attachments, and other files uploaded by any user in the system. This issue has been patched in versions 3.0.9, 3.1.6, and 3.2.6.
Title | | Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users' files
Weaknesses | | CWE-639
References | |
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T21:28:14.132Z

Reserved: 2026-04-26T11:53:27.708Z

Link: CVE-2026-42277

Vulnrichment

Updated: 2026-05-08T14:29:18.682Z

NVD

Status: Undergoing Analysis

Published: 2026-05-08T05:16:10.740

Modified: 2026-05-08T22:16:32.790

Link: CVE-2026-42277

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T06:30:46Z

Weaknesses