Unauthorized Access Vulnerability in AFFiNE GraphQL Document Edit History
CVE-2026-59262

7.1HIGH

Key Information:

Vendor

Affine

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-59262?

The AFFiNE application contains a security flaw in its GraphQL interface, specifically within the histories field. This vulnerability allows authenticated users to retrieve document edit history without proper permissions. By supplying arbitrary document GUIDs, users can expose sensitive information such as usernames, emails, and timestamps associated with private document pages they should not have access to. This flaw can lead to unauthorized viewing of restricted content, posing a significant risk to user privacy and data security.

Affected Version(s)

monorepo 0

monorepo 0 < 0.26.3

monorepo 0 <= 1f0bcd0

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

George Chen
.