Unauthorized Access Vulnerability in AFFiNE GraphQL Document Edit History
CVE-2026-59262
7.1HIGH
What is CVE-2026-59262?
The AFFiNE application contains a security flaw in its GraphQL interface, specifically within the histories field. This vulnerability allows authenticated users to retrieve document edit history without proper permissions. By supplying arbitrary document GUIDs, users can expose sensitive information such as usernames, emails, and timestamps associated with private document pages they should not have access to. This flaw can lead to unauthorized viewing of restricted content, posing a significant risk to user privacy and data security.
Affected Version(s)
monorepo 0
monorepo 0 < 0.26.3
monorepo 0 <= 1f0bcd0
