Access Control Issue in Grist Spreadsheet Software
CVE-2026-55664

4.3MEDIUM

Key Information:

Vendor

Gristlabs

Vendor
CVE Published:
10 July 2026

What is CVE-2026-55664?

The Grist spreadsheet software experienced an access control issue where the GET /forms endpoint allowed unauthorized reading of table and column metadata. This vulnerability permitted a user with partial or public access to view sensitive structural details of documents, circumventing intended access restrictions. Notably, this flaw affected even documents void of actual forms, exposing metadata that should remain protected. The issue has been addressed in Grist version 1.7.15, reinforcing access controls to prevent unauthorized data exposure.

Affected Version(s)

grist-core < 1.7.15

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.