78 of 200+ self-hosted AI tools exposed other users' data
A review of more than 200 and software tools found 78 with flaws that could expose another user's data. Many tools checked ownership before deleting or changing an item but failed to make the same check when viewing it or listing its .
Item IDs were often sequential, allowing an attacker to try numbers in order instead of guessing a rare value. A login and separate workspaces therefore did not always keep each person's information private.
Most affected developers were notified privately so they could fix the problems before public details were released. Fixed products named in the research include , SurfSense, Baserow, aideepin, and Flagsmith.
Key points
- A review found cross-user data exposure in 78 of more than 200 s.
- Ownership checks were often present for changes and deletion but missing from read requests.
- could make collecting another user's data easy to automate.
- Mac mini operators should test whether one account can open data belonging to another workspace.
- , SurfSense, Baserow, aideepin, and Flagsmith had already fixed the reported issues.