What happened
Khoj (khoj-ai/khoj) up to version 2.0.0-beta.28 contains an incorrect authorization flaw in its Conversation Sharing Handler (src/khoj/routers/api_chat.py). Manipulation of the conversation.agent argument allows a remote attacker to bypass authorization controls and access conversation data or agent configurations belonging to other users. A PoC exploit has been published.
Why it matters
Khoj is an open-source AI personal assistant that manages user conversations and connects to private agents containing personal data, API configurations, and retrieval sources. An authorization bypass allows one user to read another user's private conversation history and agent settings — a serious privacy and data-isolation violation in multi-user deployments.
Attack vector
A remote authenticated attacker manipulates the conversation.agent parameter in the Conversation Sharing API to reference conversations or agent configurations belonging to other users, bypassing authorization checks in api_chat.py.
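For teams auditing their own handlers for this class of flaw, the following added example (not Khoj's code and not taken from the fix) sketches an object-level authorization check on a share path: both the conversation and the agent it references are resolved against the requesting user before anything is copied. All class, function and field names and the sample data are hypothetical; the page does not show the handler's source.

```python
# Added illustration; not Khoj's code. All names and data are hypothetical.
from dataclasses import dataclass
from typing import Optional

class Forbidden(Exception):
    """Raised when the requester may not use the referenced object."""

@dataclass(frozen=True)
class Agent:
    slug: str
    owner: str        # username of the creator
    is_public: bool

@dataclass(frozen=True)
class Conversation:
    id: int
    owner: str
    agent_slug: Optional[str]

# Constructed sample data.
AGENTS = {
    "alice-notes": Agent("alice-notes", "alice", False),
    "helper": Agent("helper", "bob", True),
}
CONVERSATIONS = {
    1: Conversation(1, "alice", "alice-notes"),
    2: Conversation(2, "mallory", "alice-notes"),  # points at another user's private agent
    3: Conversation(3, "mallory", "helper"),
}

def resolve_agent(requester: str, slug: Optional[str]) -> Optional[Agent]:
    """Return the agent only if the requester owns it or it is public."""
    if slug is None:
        return None
    agent = AGENTS.get(slug)
    if agent is None or not (agent.is_public or agent.owner == requester):
        # Same error for "missing" and "not yours": do not confirm that a slug exists.
        raise Forbidden("agent not available to this user")
    return agent

def share_conversation(requester: str, conversation_id: int) -> dict:
    """Build the shareable record after checking the conversation and its agent."""
    conv = CONVERSATIONS.get(conversation_id)
    if conv is None or conv.owner != requester:
        raise Forbidden("conversation not available to this user")
    agent = resolve_agent(requester, conv.agent_slug)
    return {"conversation_id": conv.id, "agent": agent.slug if agent else None}
```

The point to carry into a review is that an agent reference stored on or supplied with a conversation is user-controlled input and needs its own ownership check, separate from the check on the conversation.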
Affected systems
khoj-ai/khoj ≤ 2.0.0-beta.28
Mitigation
Upgrade to a khoj-ai/khoj release later than 2.0.0-beta.28. Track the fix in GitHub issue #1327: https://github.com/khoj-ai/khoj/issues/1327