Stored Cross-Site Scripting Vulnerability in Docmost by Docmost
CVE-2026-33193

4.6MEDIUM

Key Information:

Vendor: Docmost
Status: Docmost
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-33193?

Docmost, an open-source collaborative wiki and documentation software, is susceptible to a stored cross-site scripting (XSS) attack due to improper MIME type handling prior to version 0.70.0. Attackers may exploit this vulnerability by injecting malicious scripts, which can jeopardize user security and manipulate data integrity. The issue has been addressed in version 0.70.0, which includes a critical patch to mitigate this risk.

Affected Version(s)

docmost < 0.70.0

References

https://github.com/docmost/docmost/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 17, 2026

CVE-2026-33193 Data

JSON