PatchSiren

GROWI, Inc. CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH GROWI, Inc. CVE published 2026-04-23

CVE-2026-41040

GROWI, an open-source wiki platform developed by GROWI, Inc., is affected by a regular expression denial of service (ReDoS) vulnerability. The flaw stems from improper handling of crafted input strings that can trigger catastrophic backtracking in vulnerable regex patterns, leading to resource exhaustion and service unavailability. The vulnerability is classified as CWE-1333 (Inefficient Regular Expressio [truncated]

MEDIUM GROWI, Inc. CVE published 2026-04-15

CVE-2026-26291

A stored cross-site scripting (XSS) vulnerability affects GROWI v7.4.6 and earlier. If exploited, this flaw allows an attacker to execute arbitrary scripts in a user's web browser. The vulnerability was published on April 15, 2026, and last modified on May 19, 2026. The CVSS 4.0 score of 4.8 reflects a medium severity with network attack vector, low attack complexity, and required user interaction. The we [truncated]

HIGH GROWI, Inc. CVE published 2026-03-16

CVE-2026-25083

CVE-2026-25083 is a HIGH severity authorization bypass vulnerability affecting the GROWI wiki platform, versions 7.4.5 and earlier. The vulnerability exists in OpenAI thread/message API endpoints that fail to enforce proper access controls. A logged-in attacker with knowledge of a shared AI assistant's identifier can view and modify other users' threads and messages without authorization. The CVSS 4.0 vector i [truncated]