Authorization Bypass in Docmost Open-Source Collaboration Software
CVE-2026-33146

4.3 MEDIUM

Key Information:

Vendor: Docmost

CVE Published: 14 April 2026

What is CVE-2026-33146?

An authorization bypass flaw in Docmost, an open-source collaborative wiki and documentation platform, allows unauthorized users to access restricted child page titles and snippets through its public search API. This vulnerability affects versions 0.70.0 to 0.70.2 and can lead to sensitive information exposure for content that was intended to remain hidden. Users are encouraged to upgrade to version 0.70.3, which contains a security patch to address this issue.

Affected Version(s)

docmost >= 0.70.0, < 0.70.3

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
