Cross-Site Scripting Vulnerability in Docmost Wiki Software
CVE-2026-40927

5.4 MEDIUM

Key Information:

Vendor: Docmost

Status
Vendor
CVE Published: 21 April 2026

What is CVE-2026-40927?

Docmost, an open-source collaborative wiki and documentation software, is susceptible to a cross-site scripting vulnerability. Users can embed JavaScript URIs (links using the javascript: scheme) in comments on pages. If another user clicks on such a link, the attacker's script may execute in that user's browser, leading to potential unauthorized actions or data leakage. The issue is resolved in version 0.80.0; upgrading to that version or later mitigates the risk associated with this vulnerability.
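The class of fix for this kind of bug is a scheme allowlist applied to every user-supplied link target before it is rendered. The sketch below is an added example, not Docmost's code or its actual patch; `safeHref`, `renderCommentLink`, `ALLOWED_SCHEMES` and the base URL are hypothetical names and constructed values.

```javascript
// Added example (not Docmost code): allowlist the scheme of user-supplied
// link targets before rendering them in a comment.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Constructed base URL, used only to resolve relative links.
const BASE = "https://wiki.example.test/";

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Returns a normalised href, or null when the link must not be rendered.
function safeHref(raw, base = BASE) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser normalises input the same way a browser does
    // (trims leading control characters and spaces, drops tabs and newlines,
    // lowercases the scheme), so the check sees what the browser would see.
    // A string comparison on the raw value would miss those variants.
    url = new URL(raw, base);
  } catch {
    return null; // unparseable input is rejected, not passed through
  }
  // Allowlist, not denylist: anything outside the known-good set is refused,
  // which covers javascript:, data:, vbscript: and schemes not yet thought of.
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href; // emit the parsed form, never the raw string
}

// Renders a comment link; rejected targets degrade to plain text.
function renderCommentLink(raw, label) {
  const href = safeHref(raw);
  const text = escapeHtml(label);
  if (href === null) return `<span>${text}</span>`;
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer nofollow">${text}</a>`;
}
```

The same check belongs on the server when the comment is stored and again wherever stored comments are rendered, so that content saved before the fix is also covered.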

Affected Version(s)

docmost < 0.80.0

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
