Access Control Issue in Grist Spreadsheet Software
CVE-2026-55664
4.3MEDIUM
What is CVE-2026-55664?
The Grist spreadsheet software experienced an access control issue where the GET /forms endpoint allowed unauthorized reading of table and column metadata. This vulnerability permitted a user with partial or public access to view sensitive structural details of documents, circumventing intended access restrictions. Notably, this flaw affected even documents void of actual forms, exposing metadata that should remain protected. The issue has been addressed in Grist version 1.7.15, reinforcing access controls to prevent unauthorized data exposure.
Affected Version(s)
grist-core < 1.7.15
