CVE-2026-42277
Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users' files
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
8th
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file belongs to them. An attacker who knows or obtains a file UUID can access confidential documents, chat attachments, and other files uploaded by any user in the system. This issue has been patched in versions 3.0.9, 3.1.6, and 3.2.6.
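To make the described flaw concrete, here is an added Python example (illustrative code written for this page, not Onyx's own handler or data model). It models a download endpoint the way the advisory describes it, verifying only that the caller is logged in, next to a hardened variant that also requires the file to belong to the caller. The file store, the user names and the UUIDs are constructed for the example; the `HTTPError`, `require_user` and handler names are assumptions standing in for a web framework's equivalents.

```python
import uuid
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class StoredFile:
    """One uploaded file; owner_id is the user who uploaded it."""
    file_id: uuid.UUID
    owner_id: str
    name: str
    content: bytes


# Constructed sample data standing in for the application's file store.
# These UUIDs and users are invented for this example.
ALICE_FILE = StoredFile(
    uuid.UUID("11111111-1111-4111-8111-111111111111"),
    "alice", "q3-plan.pdf", b"alice's confidential plan",
)
BOB_FILE = StoredFile(
    uuid.UUID("22222222-2222-4222-8222-222222222222"),
    "bob", "notes.txt", b"bob's notes",
)
UNKNOWN_FILE_ID = uuid.UUID("33333333-3333-4333-8333-333333333333")
FILE_STORE: Dict[uuid.UUID, StoredFile] = {
    f.file_id: f for f in (ALICE_FILE, BOB_FILE)
}


class HTTPError(Exception):
    """Hypothetical stand-in for a framework's HTTP error response."""

    def __init__(self, status: int, detail: str) -> None:
        super().__init__(f"{status}: {detail}")
        self.status = status


def require_user(caller: Optional[str]) -> str:
    """Authentication only: the caller must be logged in (401 otherwise)."""
    if caller is None:
        raise HTTPError(401, "not authenticated")
    return caller


def get_file_vulnerable(caller: Optional[str], file_id: uuid.UUID) -> bytes:
    """The pattern the advisory describes: the caller is authenticated, but
    the file is looked up by its UUID alone, with no ownership check, so any
    logged-in user can fetch any file whose UUID they know (CWE-639)."""
    require_user(caller)
    stored = FILE_STORE.get(file_id)
    if stored is None:
        raise HTTPError(404, "file not found")
    return stored.content


def get_file_fixed(caller: Optional[str], file_id: uuid.UUID) -> bytes:
    """Hardened variant: the lookup is scoped to the authenticated user.
    A file that exists but belongs to someone else is answered with the same
    404 as a missing file, so the endpoint does not confirm which UUIDs exist."""
    user = require_user(caller)
    stored = FILE_STORE.get(file_id)
    if stored is None or stored.owner_id != user:
        raise HTTPError(404, "file not found")
    return stored.content


def status_of(handler: Callable[[Optional[str], uuid.UUID], bytes],
              caller: Optional[str], file_id: uuid.UUID) -> int:
    """Return the HTTP status a handler would produce for this request."""
    try:
        handler(caller, file_id)
        return 200
    except HTTPError as err:
        return err.status


if __name__ == "__main__":
    # Bob requesting Alice's file: 200 with the flawed check, 404 after the fix.
    print("vulnerable:", status_of(get_file_vulnerable, "bob", ALICE_FILE.file_id))
    print("fixed:     ", status_of(get_file_fixed, "bob", ALICE_FILE.file_id))
```

In a real application the ownership condition belongs in the data-access query itself (select by `file_id` and `owner_id` together) rather than in a check applied after a by-ID fetch, so the object never reaches the handler unless the caller is entitled to it, and files shared with a user through some explicit grant are handled by extending that query, not by dropping the check. Answering a foreign file with 404 rather than 403 is deliberate: it keeps the endpoint from acting as an oracle for which UUIDs are valid.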
| CWE | CWE-639 |
| Vendor | onyx-dot-app |
| Product | onyx |
| Published | May 8, 2026 |
| Last Updated | May 8, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
onyx-dot-app / onyx
< 3.0.9
>= 3.1.0, < 3.1.6
>= 3.2.0, < 3.2.6