Skip to main content

Onyx CVE-2026-42277

| EUVDEUVD-2026-28525 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-05-08 GitHub_M
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch available
May 08, 2026 - 06:02 EUVD
Analysis Generated
May 08, 2026 - 05:30 vuln.today
CVE Published
May 08, 2026 - 03:51 nvd
MEDIUM 6.5

DescriptionGitHub Advisory

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file belongs to them. An attacker who knows or obtains a file UUID can access confidential documents, chat attachments, and other files uploaded by any user in the system. This issue has been patched in versions 3.0.9, 3.1.6, and 3.2.6.

AnalysisAI

Onyx versions prior to 3.0.9, 3.1.6, and 3.2.6 expose an authorization bypass in the GET /chat/file/{file_id} endpoint that permits authenticated users to download any other user's files by directly accessing file UUIDs. The endpoint enforces authentication but lacks per-file ownership validation, allowing attackers with valid credentials to exfiltrate confidential documents and chat attachments belonging to other users system-wide. No public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

Onyx implements a file-download endpoint that accepts a file UUID as a path parameter. The vulnerability stems from inadequate authorization enforcement-the application verifies that the requester is authenticated (PR:L in CVSS) but implements no access control list or ownership check before returning the requested file. This is a classic broken access control pattern (CWE-639: Authorization Bypass Through User-Controlled Key). The endpoint trusts the file UUID alone as sufficient authorization, failing to cross-reference the requesting user's identity against the file's owner before granting access. Since UUIDs, while cryptographically random, are often discoverable through social engineering, information disclosure, or enumeration, the barrier to exploitation is minimal once a valid session token is obtained.

RemediationAI

Vendor-released patches are available: upgrade to Onyx 3.0.9, 3.1.6, or 3.2.6 (matching your current major.minor version). These versions implement proper ownership validation on the GET /chat/file/{file_id} endpoint, ensuring authenticated users can only access files they own. If immediate patching is not possible, implement a temporary compensating control by restricting network access to the GET /chat/file endpoint at the reverse proxy or firewall level to trusted internal networks only, though this reduces usability for remote users. Additionally, audit file download logs to identify unauthorized access attempts using UUID enumeration patterns. Review user account credentials and consider rotating authentication tokens for all users if the system has been unpatched for an extended period, as this addresses the authentication prerequisite for exploitation. Consult the GitHub advisory at https://github.com/onyx-dot-app/onyx/security/advisories/GHSA-vg3h-35f7-7w6r for deployment-specific guidance.

Share

CVE-2026-42277 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy