Submit #804455: AFFiNE AFFiNE (https://github.com/toeverything/AFFiNE) 0.26.3 Authorization Bypass

Title: AFFiNE AFFiNE (https://github.com/toeverything/AFFiNE) 0.26.3 Authorization Bypass

Description:

Summary

The public markdown preview endpoint GET /workspace/:workspaceId/:docId returns the full markdown body of private documents when workspace-level URL preview is enabled. This allows access to private documents when enableUrlPreview is enabled at the workspace level. Unlike the existing HTML preview flow, which only exposes limited metadata and a truncated summary for URL unfurling, the markdown flow returns the entire document content. As a result, an unauthenticated attacker who knows a private document URL can retrieve the full contents of that document by sending Accept: text/markdown.

Severity: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

The vulnerable behavior is exposed through the public renderer route:

    GET /workspace/:workspaceId/:docId

- No authentication is required
- The markdown branch is selected when the request includes Accept: text/markdown

The root cause is that the markdown response path uses the same allowDocPreview() authorization check as the HTML preview path. That check allows preview access when:

- workspace sharing is enabled, and
- either the document is public, or the workspace has enableUrlPreview = true

That logic is appropriate for limited URL unfurling metadata, but it is not safe for full-content markdown export.

The behavioral difference is critical:

HTML preview path:
- returns title and a short summary only
- summary is truncated for preview use

Markdown preview path:
- calls getDocMarkdown(...)
- returns the entire markdown-rendered document body
- no truncation is applied

This creates an authorization bypass for document content exposure. A private document remains non-public in the product UI, but the full markdown becomes available to any unauthenticated party that knows the document URL and sends a markdown Accept header.

PoC

1. Create or use a workspace you own.
2. Enable Allow workspace page sharing.
3. Enable Always enable url preview.
4. Create a document containing a unique secret string, for example: SECRET_MARKDOWN_LEAK_TEST_123
5. Keep the document private. Do not publish it publicly.
6. Copy the document URL:

       https://<target-host>/workspace/<workspaceId>/<docId>

7. Send the following unauthenticated request:

       GET /workspace/<workspaceId>/<docId> HTTP/1.1
       Host: <target-host>
       Accept: text/markdown
       Connection: close

   Example with curl:

       curl -i \
         -H "Accept: text/markdown" \
         "https://<target-host>/workspace/<workspaceId>/<docId>"

8. Observe that the response is 200 OK with Content-Type: text/markdown; charset=utf-8.
9. Observe that the response body contains the full markdown content of the private document, including the secret string: SECRET_MARKDOWN_LEAK_TEST_123
Source: https://github.com/ngocnn97/security-advisories/blob/main/AFFiNE_BAC_PoC.mp4
User: ngocnn97 (UID 96701)
Submission: 14/04/2026 16h48 (2 months ago)
Moderation: 02/05/2026 22h34 (18 days later)
Status: Accepted
VulDB entry: 360871 [toeverything AFFiNE up to 0.26.3 Public Markdown Preview Endpoint :docId allowDocPreview Privilege Escalation]
Points: 20
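
The root cause described in the submission, one check shared between a truncated unfurl summary and a full-content export, can be modelled in a few lines. This is an added example, not AFFiNE source code and not the project's fix. Only allowDocPreview, enableUrlPreview and the secret test string come from the submission; the other names, the 404 status, the 50-character summary limit and the stricter allowFullContent check are assumptions.

```typescript
// Added illustration: a simplified model of the authorization logic the advisory describes.
// Not AFFiNE source. Only allowDocPreview and enableUrlPreview are names from the advisory;
// every other identifier, the 404 status and the 50-character limit are assumptions.
interface Workspace { sharingEnabled: boolean; enableUrlPreview: boolean }
interface Doc { isPublic: boolean; title: string; markdown: string }
interface Reply { status: number; contentType?: string; body?: string }

const SUMMARY_LIMIT = 50; // assumed truncation length for the unfurl summary

// Shared preview check, as described: sharing on AND (doc public OR URL preview on).
function allowDocPreview(ws: Workspace, doc: Doc): boolean {
  return ws.sharingEnabled && (doc.isPublic || ws.enableUrlPreview);
}

// Stricter check for full-content export: URL preview alone is not enough.
function allowFullContent(ws: Workspace, doc: Doc): boolean {
  return ws.sharingEnabled && doc.isPublic;
}

function wantsMarkdown(accept: string): boolean {
  return accept.split(",").some((t) => /^\s*text\/markdown\s*(;|$)/i.test(t));
}

// hardened=false models the reported behaviour, hardened=true the separated checks.
function render(ws: Workspace, doc: Doc, accept: string, hardened: boolean): Reply {
  if (wantsMarkdown(accept)) {
    const ok = hardened ? allowFullContent(ws, doc) : allowDocPreview(ws, doc);
    if (!ok) return { status: 404 };
    return { status: 200, contentType: "text/markdown; charset=utf-8", body: doc.markdown };
  }
  if (!allowDocPreview(ws, doc)) return { status: 404 };
  const summary = doc.markdown.slice(0, SUMMARY_LIMIT);
  return { status: 200, contentType: "text/html", body: `${doc.title} | ${summary}` };
}

// Constructed sample data: a private document in a workspace with URL preview enabled.
const ws: Workspace = { sharingEnabled: true, enableUrlPreview: true };
const SECRET = "SECRET_MARKDOWN_LEAK_TEST_123";
const privateDoc: Doc = {
  isPublic: false,
  title: "Q3 plan",
  markdown: "# Q3 plan\n\nRoutine notes that fill the preview window before the marker. " + SECRET,
};

for (const hardened of [false, true]) {
  const md = render(ws, privateDoc, "text/markdown", hardened);
  console.log({ hardened, markdownStatus: md.status,
    secretInMarkdown: (md.body ?? "").indexOf(SECRET) !== -1 });
}
```

With the shared check the private document's full body is returned for the markdown branch; with the separate check the markdown branch is refused while the truncated HTML preview still works.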
