Onyx-dot-app Onyx
2 CVEs affecting Onyx-dot-app Onyx. Latest disclosed: 2026-05-08. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42277 | Medium | 6.5 | 2026-05-08 | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download… |
CVE-2026-42276 | Medium | 4.3 | 2026-05-08 | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticat… |