CVE-2026-42277 | Onyx up to 3.0.8/3.1.5/3.2.5 Endpoint /chat/file/ authorization (GHSA-vg3h-35f7-7w6r)

Inserito da Angelo Barbosa | Mag 8, 2026 | CVE

A vulnerability described as problematic has been identified in Onyx up to 3.0.8/3.1.5/3.2.5. Affected by this vulnerability is an unknown functionality of the file /chat/file/ of the component Endpoint. The manipulation results in authorization bypass.

This vulnerability is known as CVE-2026-42277. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-42277 | Onyx up to 3.0.8/3.1.5/3.2.5 Endpoint /chat/file/ authorization (GHSA-vg3h-35f7-7w6r)

Post correlati

CVE-2024-34929 | Campcodes Complete Web-Based School Management System 1.0 /view/find_friends.php my_index sql injection

CVE-2024-26024 | Subnet Solutions Substation Server up to 2.23.10 reliance on uncontrolled component (icsa-24-128-02)

CVE-2024-23445 | Elasticsearch up to 8.13.x access control

CVE-2024-10571 | Chartify Plugin up to 2.9.5 on WordPress source file inclusion