CVE-2026-25083 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assista…
High CVSS: 8.7

CVE-2026-25083

GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages.
Vendor
-
Product
-
CWE
CWE-862
Yayın Tarihi
2026-03-16 14:18:18
Güncelleme
2026-03-16 14:53:07
Source Identifier
vultures@jpcert.or.jp
KEV Date Added
-

Kategoriler

CWE-862 HIGH 2026

Referanslar

https://growi.co.jp/news/41/ https://jvn.jp/en/jp/JVN46373837/