CVE-2026-54027

Vulnerability (CVE-2026-54027): LibreChat prior to 0.8.4-rc1 allows authenticated users to upload files via POST /api/files/images into any agent’s tool_resources (e.g., context, execute_code) without ownership/EDIT checks. A permission check was added to POST /api/files, but the image upload rou...

CVE-2026-55611 AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership scoping (cross-tenant IDOR deletion)

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...

CVE-2026-54009 Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow

Summary Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. Details The vulnerability exists in the getflowbyidorendpointname helper...

CVE-2026-55198

Hermes WebUI prior to 0.51.443 contains an authorization bypass in the session export endpoint. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data, allowing authenticated users to exfiltrate transcripts from other profiles ...

CVE-2026-53675 BuddyPress 14.4.0 Friends List IDOR via REST API

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary userid because the getitemspermissionscheck meth...

CVE-2026-8839 MapPress Maps for WordPress <= 2.96.6 - Unauthenticated Insecure Direct Object Reference via REST API Endpoints

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

CVE-2026-8839

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

PT-2026-47142

Name of the Vulnerable Software and Affected Versions MapPress Maps for WordPress versions prior to 2.96.7 Description An authorization bypass exists due to missing ownership verification in REST API routes registered via the Mappress Api::rest api init function. The GET...

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

GHSA-XXPJ-Q764-9R6Q NocoDB: Missing Ownership Check in MCP Attachment Read

Summary A low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not verify the file's ownership. Details The MCP readAttachment tool accepts...

CVE-2026-41704 Compromised VM can make arbitrary blobstore deletes

AgentClienthandlemethod lines 264-303 processes every NATS reply. It calls injectcompilelog line 273 on every response, which reads response'value''result''compilelogid' line 332-338 and passes it to downloadanddeleteblob. Separately, any response containing 'exception' goes through formatexcepti...

CVE-2026-42337

CVE-2026-42337 : MaxKB (open-source AI assistant) versions 2.8.0 and earlier are affected by a broken access control in the OSS file service URL fetch API (chat/api/oss/get_url). The endpoint uses the application_id from the URL path without validating ownership, allowing operations under other a...

GHSA-RXF6-WJH4-JFJ6 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

PT-2026-41187

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An Insecure Direct Object Reference IDOR exists in the Channels feature, which allows any member of a channel to modify messages sent by other members, including administrators. In the update...

PT-2026-41201

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An authorization bypass allows any authenticated user to permanently delete files owned by other users. This occurs when a target file is referenced in any shared chat, as the has access to file...

GHSA-MQQ6-CQCX-38VG Open WebUI's Model Import Overwrites Any Model Without Ownership Check

Model Import Overwrites Any Model Without Ownership Check Affected Component Model import endpoint: - backend/openwebui/routers/models.py lines 254-308, importmodels Affected Versions Current main branch commit 6fdd19bf1 and likely all versions with model import functionality. Description The POS...

Open WebUI's Model Import Overwrites Any Model Without Ownership Check

Model Import Overwrites Any Model Without Ownership Check Affected Component Model import endpoint: - backend/openwebui/routers/models.py lines 254-308, importmodels Affected Versions Current main branch commit 6fdd19bf1 and likely all versions with model import functionality. Description The POS...

EUVD-2026-28525

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...