CVE-2026-7702 in AFFiNEinfo

Zusammenfassung

von MITRE • 03.05.2026

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulDB

Veröffentlichung

03.05.2026

Moderieren

akzeptiert

Eintrag

VDB-360871

CPE

bereit

CWE

CWE-639 (bestätigt)

Exploit

Download

CVSS

5.3 (VulDB)

EPSS

0.00039

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7702
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7702
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7702/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!