CVE-2026-34213 | docmost up to 0.70.x Attachments /api/files/upload attachmentId authorization (GHSA-89fp-2hch-j9gp)

Inserito da Angelo Barbosa | Apr 15, 2026 | CVE

A vulnerability was found in docmost up to 0.70.x. It has been classified as problematic. This vulnerability affects unknown code of the file /api/files/upload of the component Attachments Handler. The manipulation of the argument attachmentId leads to authorization bypass.

This vulnerability is referenced as CVE-2026-34213. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-34213 | docmost up to 0.70.x Attachments /api/files/upload attachmentId authorization (GHSA-89fp-2hch-j9gp)

Post correlati

CVE-2024-35817 | Linux Kernel up to 5.15.153/6.1.83/6.6.23/6.7.11/6.8.2 amdgpu_ttm_gart_bind memory corruption

CVE-2026-1729 | AdForest Plugin up to 6.0.12 on WordPress sb_login_user_with_otp_fun improper authentication

CVE-2024-8124 | GitLab Community Edition/Enterprise Edition up to 17.1.6/17.2.4/17.3.1 glm_source redos (Issue 480533)

CVE-2025-63711 | SourceCodester Client Database Management System 1.0 user_id cross-site request forgery