Authorization Bypass Through User-Controlled Key

CVE-2026-45402

Low

0/10

Summary

Multiple endpoints accept a user-supplied file_id and attach the referenced file to a resource the caller controls (folder knowledge, knowledge-base contents) without verifying that the caller owns or has been granted access to the file. The file's content then becomes reachable through the downstream RAG / file-content paths, allowing any authenticated user to exfiltrate any other user's private file -- and on the knowledge-base path, also to overwrite it -- given knowledge of the file's UUID. The affected versions are proir to 0.9.5.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-639 - Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References

Advisory

Advisory Timeline

Published May 15, 2026

Authorization Bypass Through User-Controlled Key

CVE-2026-45402

Summary

CWE-639 - Authorization Bypass Through User-Controlled Key

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS