Skip to main content

Onyx AI Platform CVE-2026-42276

| EUVDEUVD-2026-28524 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-05-08 GitHub_M
4.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Patch available
May 08, 2026 - 06:02 EUVD
Analysis Generated
May 08, 2026 - 05:30 vuln.today
CVE Published
May 08, 2026 - 03:49 nvd
MEDIUM 4.3

DescriptionGitHub Advisory

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An attacker who knows a chat session UUID can kill another user's LLM generation mid-stream. This issue has been patched in versions 3.0.9, 3.1.6, and 3.2.6.

AnalysisAI

Onyx versions before 3.0.9, 3.1.6, and 3.2.6 permit authenticated users to terminate any other user's active chat session via the POST /chat/stop-chat-session/{chat_session_id} endpoint without verifying session ownership. An attacker with valid credentials can interrupt another user's LLM generation mid-stream by supplying a known session UUID, causing denial of service to targeted chat sessions. Vendor-released patches are available, and no public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

Onyx is an open-source AI platform built to manage and interact with large language models. The vulnerability stems from an insecure direct object reference (IDOR) flaw in the chat session termination endpoint. The endpoint (POST /chat/stop-chat-session/{chat_session_id}) validates that the caller is an authenticated user via the PR:L (requires low privilege) requirement but fails to perform authorization checks confirming the caller owns or has permission to access the specified chat session UUID. This is a classic broken access control vulnerability (CWE-639: Authorization Bypass Through User-Controlled Key). The session ID is likely a UUID predictable or discoverable through information disclosure, allowing attackers to enumerate and terminate sessions belonging to any user in the system.

RemediationAI

Upgrade Onyx to version 3.0.9, 3.1.6, or 3.2.6 (or later) depending on your current major/minor version branch. These releases include authorization checks confirming that the authenticated user owns the chat session before permitting termination. Refer to the GitHub security advisory at https://github.com/onyx-dot-app/onyx/security/advisories/GHSA-rw6w-hp62-gc8w for detailed release notes. As a temporary compensating control pending upgrade, restrict access to the POST /chat/stop-chat-session endpoint at the API gateway or reverse proxy layer to a trusted administrator role only, though this will prevent legitimate users from terminating their own sessions and should be considered a stop-gap measure, not a permanent solution.

Share

CVE-2026-42276 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy