Search

Find a vulnerability

Search criteria

    6 vulnerabilities by affine

    CVE-2026-59262 (GCVE-0-2026-59262)

    Vulnerability from nvd – Published: 2026-07-08 15:44 – Updated: 2026-07-08 19:34
    VLAI
    Title
    AFFiNE - Unauthorized Document Edit History Access via GraphQL histories Field
    Summary
    AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails, and timestamps of private pages they lack access to.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    affine monorepo Affected: 0 , < 0.26.3 (custom)
    Affected: 0 , ≤ 1f0bcd0 (custom)
    Create a notification for this product.
    Date Public
    2026-06-30 00:00
    Credits
    George Chen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59262",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T17:43:26.413343Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T19:34:54.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/toeverything/AFFiNE/issues/15179"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageURL": "pkg:npm/affine/monorepo",
              "product": "monorepo",
              "vendor": "affine",
              "versions": [
                {
                  "lessThan": "0.26.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1f0bcd0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "George Chen"
            }
          ],
          "datePublic": "2026-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "AFFiNE\u0027s histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails, and timestamps of private pages they lack access to."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T15:44:07.878Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Issue",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/toeverything/AFFiNE/issues/15179"
            },
            {
              "name": "Product",
              "tags": [
                "product"
              ],
              "url": "https://github.com/toeverything/AFFiNE"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/toeverything/AFFiNE/commit/1f0bcd01a37a522393fc1b288395e3a72a79ccad"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/affine-unauthorized-document-edit-history-access-via-graphql-histories-field"
            }
          ],
          "title": "AFFiNE - Unauthorized Document Edit History Access via GraphQL histories Field",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-59262",
        "datePublished": "2026-07-08T15:44:07.878Z",
        "dateReserved": "2026-07-04T12:17:14.302Z",
        "dateUpdated": "2026-07-08T19:34:54.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25477 (GCVE-0-2026-25477)

    Vulnerability from nvd – Published: 2026-03-02 19:14 – Updated: 2026-03-02 20:30
    VLAI
    Title
    AFFiNE: Open Redirect via Regex Bypass in redirect-proxy
    Summary
    AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    toeverything AFFiNE Affected: < 0.26.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25477",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T20:29:57.272805Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T20:30:32.614Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AFFiNE",
              "vendor": "toeverything",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.26.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-02T19:14:05.003Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289"
            }
          ],
          "source": {
            "advisory": "GHSA-wx9m-v7wq-g289",
            "discovery": "UNKNOWN"
          },
          "title": "AFFiNE: Open Redirect via Regex Bypass in redirect-proxy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25477",
        "datePublished": "2026-03-02T19:14:05.003Z",
        "dateReserved": "2026-02-02T16:31:35.820Z",
        "dateUpdated": "2026-03-02T20:30:32.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21853 (GCVE-0-2026-21853)

    Vulnerability from nvd – Published: 2026-03-02 18:55 – Updated: 2026-03-02 19:19
    VLAI
    Title
    AFFiNE: One-click Remote Code Execution through Custom URL Handling
    Summary
    AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim’s machine, without further interaction. This issue has been patched in version 0.25.4.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    toeverything AFFiNE Affected: < 0.25.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21853",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T19:18:43.190650Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T19:19:18.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AFFiNE",
              "vendor": "toeverything",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.25.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim\u2019s machine, without further interaction. This issue has been patched in version 0.25.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-02T18:55:04.978Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965"
            },
            {
              "name": "https://github.com/toeverything/AFFiNE/pull/13864",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/toeverything/AFFiNE/pull/13864"
            },
            {
              "name": "https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80"
            }
          ],
          "source": {
            "advisory": "GHSA-67vm-2mcj-8965",
            "discovery": "UNKNOWN"
          },
          "title": "AFFiNE: One-click Remote Code Execution through Custom URL Handling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-21853",
        "datePublished": "2026-03-02T18:55:04.978Z",
        "dateReserved": "2026-01-05T16:44:16.366Z",
        "dateUpdated": "2026-03-02T19:19:18.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59262 (GCVE-0-2026-59262)

    Vulnerability from cvelistv5 – Published: 2026-07-08 15:44 – Updated: 2026-07-08 19:34
    VLAI
    Title
    AFFiNE - Unauthorized Document Edit History Access via GraphQL histories Field
    Summary
    AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails, and timestamps of private pages they lack access to.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    affine monorepo Affected: 0 , < 0.26.3 (custom)
    Affected: 0 , ≤ 1f0bcd0 (custom)
    Create a notification for this product.
    Date Public
    2026-06-30 00:00
    Credits
    George Chen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59262",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T17:43:26.413343Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T19:34:54.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/toeverything/AFFiNE/issues/15179"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageURL": "pkg:npm/affine/monorepo",
              "product": "monorepo",
              "vendor": "affine",
              "versions": [
                {
                  "lessThan": "0.26.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1f0bcd0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "George Chen"
            }
          ],
          "datePublic": "2026-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "AFFiNE\u0027s histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails, and timestamps of private pages they lack access to."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T15:44:07.878Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Issue",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/toeverything/AFFiNE/issues/15179"
            },
            {
              "name": "Product",
              "tags": [
                "product"
              ],
              "url": "https://github.com/toeverything/AFFiNE"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/toeverything/AFFiNE/commit/1f0bcd01a37a522393fc1b288395e3a72a79ccad"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/affine-unauthorized-document-edit-history-access-via-graphql-histories-field"
            }
          ],
          "title": "AFFiNE - Unauthorized Document Edit History Access via GraphQL histories Field",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-59262",
        "datePublished": "2026-07-08T15:44:07.878Z",
        "dateReserved": "2026-07-04T12:17:14.302Z",
        "dateUpdated": "2026-07-08T19:34:54.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25477 (GCVE-0-2026-25477)

    Vulnerability from cvelistv5 – Published: 2026-03-02 19:14 – Updated: 2026-03-02 20:30
    VLAI
    Title
    AFFiNE: Open Redirect via Regex Bypass in redirect-proxy
    Summary
    AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    toeverything AFFiNE Affected: < 0.26.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25477",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T20:29:57.272805Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T20:30:32.614Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AFFiNE",
              "vendor": "toeverything",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.26.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-02T19:14:05.003Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289"
            }
          ],
          "source": {
            "advisory": "GHSA-wx9m-v7wq-g289",
            "discovery": "UNKNOWN"
          },
          "title": "AFFiNE: Open Redirect via Regex Bypass in redirect-proxy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25477",
        "datePublished": "2026-03-02T19:14:05.003Z",
        "dateReserved": "2026-02-02T16:31:35.820Z",
        "dateUpdated": "2026-03-02T20:30:32.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21853 (GCVE-0-2026-21853)

    Vulnerability from cvelistv5 – Published: 2026-03-02 18:55 – Updated: 2026-03-02 19:19
    VLAI
    Title
    AFFiNE: One-click Remote Code Execution through Custom URL Handling
    Summary
    AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim’s machine, without further interaction. This issue has been patched in version 0.25.4.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    toeverything AFFiNE Affected: < 0.25.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21853",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T19:18:43.190650Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T19:19:18.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AFFiNE",
              "vendor": "toeverything",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.25.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim\u2019s machine, without further interaction. This issue has been patched in version 0.25.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-02T18:55:04.978Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965"
            },
            {
              "name": "https://github.com/toeverything/AFFiNE/pull/13864",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/toeverything/AFFiNE/pull/13864"
            },
            {
              "name": "https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80"
            }
          ],
          "source": {
            "advisory": "GHSA-67vm-2mcj-8965",
            "discovery": "UNKNOWN"
          },
          "title": "AFFiNE: One-click Remote Code Execution through Custom URL Handling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-21853",
        "datePublished": "2026-03-02T18:55:04.978Z",
        "dateReserved": "2026-01-05T16:44:16.366Z",
        "dateUpdated": "2026-03-02T19:19:18.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }