CVE-2026-42277 Overview
CVE-2026-42277 is an Insecure Direct Object Reference (IDOR) vulnerability in Onyx, an open-source AI platform. The GET /chat/file/{file_id} endpoint authenticates the caller but fails to verify file ownership. Any authenticated user can download files uploaded by other users by supplying the target file's UUID. The exposed data includes confidential documents, chat attachments, and other user-uploaded content. The vulnerability is tracked as CWE-639: Authorization Bypass Through User-Controlled Key. Maintainers patched the issue in Onyx versions 3.0.9, 3.1.6, and 3.2.6.
Critical Impact
Authenticated attackers can retrieve arbitrary user files, including confidential documents and chat attachments, by supplying a file UUID they have obtained from another source or, where identifiers are generated predictably, enumerated. With randomly generated UUIDs, blind guessing is impractical; the realistic path is leakage of an existing identifier.
Affected Products
- Onyx versions prior to 3.0.9 (3.0.x branch)
- Onyx versions prior to 3.1.6 (3.1.x branch)
- Onyx versions prior to 3.2.6 (3.2.x branch)
Discovery Timeline
- 2026-05-08 - CVE-2026-42277 published to NVD
- 2026-05-12 - Last updated in NVD database
Technical Details for CVE-2026-42277
Vulnerability Analysis
The vulnerability resides in the GET /chat/file/{file_id} endpoint of the Onyx platform. The endpoint accepts a file UUID as a path parameter and returns the corresponding file contents. Authentication is enforced, ensuring the requester holds a valid session. However, the handler omits an ownership or access control check that would tie the file to the requesting user. As a result, any authenticated user can request any file in the system by supplying its UUID. The flaw aligns with CWE-639, where authorization decisions rely on a user-controlled key without enforcing object-level permissions.
Root Cause
The root cause is missing object-level authorization in the file retrieval handler. The endpoint validates session authentication but does not query whether the file's owner or associated chat matches the requesting principal. File UUIDs serve as both identifier and de facto authorization token, which violates least-privilege access control.
Attack Vector
An attacker requires a valid authenticated account on the target Onyx instance. The attacker obtains a file UUID through shared chat links, error messages, log exposure, referrer leaks, or UUID enumeration when predictable. The attacker then issues an HTTP GET request to /chat/file/{file_id} with their own session credentials. The server returns the file regardless of ownership. The attack is network-reachable and requires no user interaction from the file owner.
No verified public exploit code is available. Refer to the GitHub Security Advisory GHSA-vg3h-35f7-7w6r for vendor technical details.
Detection Methods for CVE-2026-42277
Indicators of Compromise
- HTTP access logs showing a single authenticated user account requesting numerous distinct /chat/file/{file_id} UUIDs across short time windows.
- Requests to /chat/file/{file_id} where the requesting user identifier does not match the file's owner identifier in application logs.
- Spikes in 200 OK responses on the file download endpoint without corresponding file upload activity from the same account.
Detection Strategies
- Correlate session user identifiers with file owner metadata at the application layer and alert on mismatches against the /chat/file/ route.
- Deploy web application firewall (WAF) rules that rate-limit the file endpoint and flag a single session requesting many distinct UUIDs in a short window. Random UUIDs are not sequential, so a volume-of-distinct-identifiers rule is more useful than a pattern match on the identifier itself.
- Audit Onyx application logs for accounts accessing files outside their workspace or chat scope.
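The two log-based indicators above (one account fetching many distinct file UUIDs in a short window, and requests where the session user is not the file's owner) implemented over constructed sample log lines, as an added example that is not part of the original page or of Onyx's own tooling. The log line format (`<ISO timestamp> user=<id> <method> <path> <status>`), the `FILE_OWNERS` map, and the 60-second / 5-file threshold are assumptions chosen for illustration; a real deployment would read the owner from the application's file table and tune the threshold to its own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed owner metadata (file UUID -> owning user). Stands in for a lookup
# against the application's file table; not Onyx's real schema.
FILE_OWNERS = {
    "0d1c2b3a-4e5f-4a6b-8c7d-9e0f1a2b3c4d": "alice",
    "1e2d3c4b-5f6a-4b7c-9d8e-0f1a2b3c4d5e": "alice",
    "2f3e4d5c-6a7b-4c8d-8e9f-1a2b3c4d5e6f": "bob",
    "3a4f5e6d-7b8c-4d9e-9f0a-2b3c4d5e6f7a": "carol",
    "4b5a6f7e-8c9d-4eaf-8a1b-3c4d5e6f7a8b": "carol",
    "5c6b7a8f-9dae-4fb0-9b2c-4d5e6f7a8b9c": "alice",
    "6d7c8b9a-aebf-4ac1-8c3d-5e6f7a8b9cad": "dave",
}

# Constructed access log in an assumed format:
# "<ISO timestamp> user=<session user> <method> <path> <status>".
SAMPLE_LOG = """\
2026-05-09T10:00:01Z user=alice GET /chat/file/0d1c2b3a-4e5f-4a6b-8c7d-9e0f1a2b3c4d 200
2026-05-09T10:00:03Z user=alice POST /chat/send-message 200
2026-05-09T10:00:05Z user=alice GET /chat/file/1e2d3c4b-5f6a-4b7c-9d8e-0f1a2b3c4d5e 200
2026-05-09T10:00:10Z user=bob GET /chat/file/2f3e4d5c-6a7b-4c8d-8e9f-1a2b3c4d5e6f 200
2026-05-09T10:00:12Z user=bob GET /chat/file/0d1c2b3a-4e5f-4a6b-8c7d-9e0f1a2b3c4d 200
2026-05-09T10:00:14Z user=bob GET /chat/file/1e2d3c4b-5f6a-4b7c-9d8e-0f1a2b3c4d5e 200
2026-05-09T10:00:16Z user=bob GET /chat/file/3a4f5e6d-7b8c-4d9e-9f0a-2b3c4d5e6f7a 200
2026-05-09T10:00:18Z user=bob GET /chat/file/4b5a6f7e-8c9d-4eaf-8a1b-3c4d5e6f7a8b 200
2026-05-09T10:00:20Z user=bob GET /chat/file/5c6b7a8f-9dae-4fb0-9b2c-4d5e6f7a8b9c 200
2026-05-09T10:00:22Z user=bob GET /chat/file/6d7c8b9a-aebf-4ac1-8c3d-5e6f7a8b9cad 404
2026-05-09T10:05:00Z user=carol GET /chat/file/0d1c2b3a-4e5f-4a6b-8c7d-9e0f1a2b3c4d 200
"""

# Only GET requests to the file route with a well-formed UUID are of interest.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) GET /chat/file/"
    r"(?P<fid>[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}) "
    r"(?P<status>\d{3})$"
)


def parse_file_requests(log_text):
    """Return successful (200) requests to the file endpoint as dicts.
    Non-matching lines and non-200 responses are ignored: only a served
    file is a disclosure."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "200":
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "user": m["user"],
            "file_id": m["fid"].lower(),
        })
    return events


def owner_mismatches(events, owners):
    """Indicator 2: served files whose recorded owner is not the session user.
    A UUID with no owner record is reported too (owner None) so it gets reviewed."""
    return [
        (e["user"], e["file_id"], owners.get(e["file_id"]))
        for e in events
        if owners.get(e["file_id"]) != e["user"]
    ]


def bulk_access(events, window=timedelta(seconds=60), threshold=5):
    """Indicator 1: users who fetched at least `threshold` distinct file UUIDs
    inside any `window`. Returns {user: peak distinct count}."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        peak = 0
        for i, start in enumerate(evs):
            # Sliding window anchored at each request; quadratic is fine per user.
            distinct = {e["file_id"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            peak = max(peak, len(distinct))
        if peak >= threshold:
            flagged[user] = peak
    return flagged


if __name__ == "__main__":
    evs = parse_file_requests(SAMPLE_LOG)
    for user, fid, owner in owner_mismatches(evs, FILE_OWNERS):
        print(f"owner mismatch: {user} fetched {fid} owned by {owner}")
    for user, n in bulk_access(evs).items():
        print(f"bulk access: {user} fetched {n} distinct files within 60s")
```

On the constructed log, `bob` is flagged by both rules (six distinct files in ten seconds, five of them owned by others) while `carol` appears only in the owner-mismatch list; a single mismatched fetch is exactly the case a volume threshold misses, which is why the owner correlation is worth running even when it needs a join against application data.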
Monitoring Recommendations
- Forward Onyx HTTP and application logs to a centralized analytics platform and build dashboards tracking per-user file access volume.
- Establish baselines for normal file access patterns and alert on deviations such as bulk UUID retrieval.
- Review authentication logs alongside file endpoint requests to identify compromised or abusive accounts.
How to Mitigate CVE-2026-42277
Immediate Actions Required
- Upgrade Onyx to version 3.0.9, 3.1.6, or 3.2.6 depending on the deployed release branch.
- Audit application logs for prior unauthorized access to the /chat/file/{file_id} endpoint and identify potentially exposed files.
- Rotate or revoke any secrets, tokens, or credentials that may have been embedded in user-uploaded files.
Patch Information
The Onyx maintainers released fixed versions 3.0.9, 3.1.6, and 3.2.6. The patches add an ownership and access scope check to the file retrieval handler so that only authorized users can download a given file. Full details are available in the GitHub Security Advisory GHSA-vg3h-35f7-7w6r.
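The missing check described under Root Cause and the fix described here, sketched as an added example that is not Onyx's code: a handler that only checks the file exists beside one that also ties the file to the requesting principal. The `StoredFile` and `ChatSession` types, the in-memory stores, and the rule that participants of the attached chat session may read a file are assumptions for illustration; the access rule the maintainers actually chose is in the advisory and patch.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


class NotFound(Exception):
    """Raised for both 'no such file' and 'not permitted' so the endpoint does
    not confirm which UUIDs exist (an existence oracle would aid enumeration)."""


@dataclass
class StoredFile:
    file_id: str
    owner_id: str
    chat_session_id: Optional[str]  # None when not attached to a chat
    content: bytes


@dataclass
class ChatSession:
    session_id: str
    participant_ids: Set[str]


# Constructed in-memory stores standing in for the database tables.
FILES: Dict[str, StoredFile] = {}
SESSIONS: Dict[str, ChatSession] = {}


def get_chat_file_vulnerable(file_id: str, requester_id: str) -> bytes:
    """Before the fix: the caller is authenticated (requester_id comes from a
    valid session) but the lookup is keyed on file_id alone, so any valid UUID
    returns the file. requester_id is never consulted."""
    stored = FILES.get(file_id)
    if stored is None:
        raise NotFound(file_id)
    return stored.content


def can_access(stored: StoredFile, requester_id: str) -> bool:
    """Assumed access rule: the uploader may read the file, as may any
    participant of the chat session it is attached to. Nobody else."""
    if stored.owner_id == requester_id:
        return True
    if stored.chat_session_id is None:
        return False
    session = SESSIONS.get(stored.chat_session_id)
    return session is not None and requester_id in session.participant_ids


def get_chat_file_hardened(file_id: str, requester_id: str) -> bytes:
    """After the fix: same lookup, then an object-level authorization check.
    In a real handler the owner scope is better pushed into the query itself
    (e.g. WHERE id = :file_id AND owner_id = :user) than applied afterwards,
    so a forgotten check cannot silently widen access."""
    stored = FILES.get(file_id)
    if stored is None or not can_access(stored, requester_id):
        raise NotFound(file_id)
    return stored.content


def setup_demo() -> Dict[str, str]:
    """Populate the constructed stores: alice's file is attached to a session
    shared with bob; carol's file is attached to nothing."""
    FILES.clear()
    SESSIONS.clear()
    alice_file = "0d1c2b3a-4e5f-4a6b-8c7d-9e0f1a2b3c4d"
    carol_file = "3a4f5e6d-7b8c-4d9e-9f0a-2b3c4d5e6f7a"
    SESSIONS["s1"] = ChatSession("s1", {"alice", "bob"})
    FILES[alice_file] = StoredFile(alice_file, "alice", "s1", b"alice-shared")
    FILES[carol_file] = StoredFile(carol_file, "carol", None, b"carol-private")
    return {"alice_file": alice_file, "carol_file": carol_file}


def fetch(handler, file_id: str, requester_id: str) -> Optional[bytes]:
    """Run a handler and map NotFound to None, for side-by-side comparison."""
    try:
        return handler(file_id, requester_id)
    except NotFound:
        return None


if __name__ == "__main__":
    ids = setup_demo()
    for who in ("carol", "alice", "mallory"):
        print(who,
              "vulnerable:", fetch(get_chat_file_vulnerable, ids["carol_file"], who),
              "hardened:", fetch(get_chat_file_hardened, ids["carol_file"], who))
```

Two design points worth carrying into a real fix: the hardened handler returns the same not-found result for "does not exist" and "not yours", so the endpoint cannot be used to confirm which UUIDs are live, and the authorization decision is expressed as a single predicate over the file record and the principal, which is what a regression test for this class of bug should exercise for every role (owner, co-participant, unrelated authenticated user).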
Workarounds
- Restrict access to the Onyx instance to trusted users only until the upgrade is applied, since exploitation requires an authenticated account.
- Place a reverse proxy or WAF in front of Onyx to rate-limit requests to /chat/file/ and block rapid UUID enumeration.
- Temporarily disable user file upload functionality if the upgrade cannot be deployed immediately and confidential data is at risk.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.