VYPR
High severity8.3NVD Advisory· Published Mar 16, 2026· Updated May 19, 2026

CVE-2026-25083

CVE-2026-25083

Description

GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Weseek/Growillm-fuzzy
    Range: <=7.4.5
  • GROWI, Inc./GROWIv5
    Range: v7.4.5 and earlier

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.