CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item id parameter lacks proper authorization checks. Attackers can enumerate sequential item id values to access and retrieve image previews from other users' private or group conversations, resulting in unauthorized disclosure of sensitive information.