CVE-2026-42276

Onyx has an IDOR vulnerability in POST /chat/stop-chat-session/{chat_session_id}. Authenticated users can stop other users’ active chat sessions because the endpoint authenticates the caller but does not verify that the session belongs to them. An attacker knowing a chat_session_id can interrupt ...

PT-2026-38660

Name of the Vulnerable Software and Affected Versions Onyx versions prior to 3.0.9 Onyx versions prior to 3.1.6 Onyx versions prior to 3.2.6 Description An issue in the AI platform allows an authenticated user to terminate another user's active chat session. The endpoint...