{"data":{"id":"61ac069f-1bb8-439c-b6f4-d521c2b41f16","title":"CVE-2026-25083: GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logg","summary":"CVE-2026-25083 is a missing-authorization vulnerability (CWE-862) in GROWI (a collaboration platform) affecting versions 7.4.5 and earlier. A logged-in user who knows the identifier of a shared AI assistant can view and modify other users' conversation threads and messages, because GROWI's OpenAI thread/message API endpoints perform no authorization check on the requesting user. It is rated HIGH severity, with a CVSS score (a 0-10 scale measuring vulnerability severity) of 8.7.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-25083","publishedAt":"2026-03-16T14:18:18.177Z","cveId":"CVE-2026-25083","cweIds":["CWE-862"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["GROWI","OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00041,"patchAvailable":null,"disclosureDate":"2026-03-16T14:18:18.177Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}