Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages.
AnalysisAI
Cross-user data exposure and tampering in GROWI v7.4.5 and earlier allows any authenticated user who learns a shared AI assistant's identifier to read or modify other users' OpenAI thread and message contents via API endpoints that omit authorization checks. The flaw stems from missing access control (CWE-862) on the AI assistant interaction layer rather than a memory-corruption or injection bug. No public exploit identified at time of analysis, and EPSS rates near-term exploitation probability at 0.04% (12th percentile).
Technical ContextAI
GROWI is an open-source enterprise wiki/collaboration platform developed by WESEEK (growi.co.jp) that integrates an OpenAI-backed AI assistant feature, mirroring the OpenAI Assistants API concept of persistent threads (conversation containers) and messages (individual turns). The vulnerability is a textbook CWE-862 Missing Authorization: the REST endpoints that read and mutate threads/messages authenticate the caller's session but never verify that the caller is the owner of the targeted thread/message resource, so any logged-in account can act on another user's thread by supplying the corresponding shared-assistant identifier. The CPE cpe:2.3:a:growi,_inc.:growi:*:*:*:*:*:*:*:* indicates all version branches up through 7.4.5 are in scope.
RemediationAI
No vendor-released patch version is cited in the provided intelligence, but the vendor has published an advisory at https://growi.co.jp/news/41/ and JPCERT's coordinated disclosure at https://jvn.jp/en/jp/JVN46373837/ - administrators should consult those advisories for the fixed release (expected to be the next version after 7.4.5) and upgrade as soon as it is available. Until a fixed build is deployed, compensating controls include disabling the OpenAI assistant integration in GROWI configuration to remove the vulnerable endpoints from the attack surface (trade-off: loss of AI assistant functionality for all users), restricting access to the GROWI instance to a trusted user pool via SSO/IdP group gating (trade-off: does not stop malicious insiders), and treating shared AI assistant identifiers as sensitive - rotate them and audit logs for unexpected thread/message reads or edits. Generic network filtering will not help because the attack uses authenticated application-layer requests.
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the inf
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authen
Remote denial of service via regular expression attack in GROWI allows unauthenticated network attackers to exhaust serv
Remote path traversal in GROWI v7.5.0 and earlier allows authenticated administrators to execute arbitrary EJS templates
Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to r
Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1
Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series)
GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vec
In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki
In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token
Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative priv
Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12343