Security Advisory

CVE-2026-25083

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-16 06:47:38

Last updated 2026-03-16 14:59:21

Assigner jpcert

State PUBLISHED

Description

GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistants identifier may view and/or tamper the other users threads/messages.

← Browse all CVEs View on cve.org ↗