High severity8.3NVD Advisory· Published Mar 16, 2026· Updated May 19, 2026
CVE-2026-25083
CVE-2026-25083
Description
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- GROWI, Inc./GROWIv5Range: v7.4.5 and earlier
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.