NIXPKGS-2026-0499

GitHub issue published 3 months, 3 weeks ago

Permalink CVE-2026-21853

8.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 3 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 3 months, 3 weeks ago
@LeSuisse ignored
10 packages
- python312Packages.affine
- python313Packages.affine
- python314Packages.affine
- python312Packages.affinegap
- python313Packages.affinegap
- python314Packages.affinegap
- python312Packages.affine-gaps
- python313Packages.affine-gaps
- haskellPackages.affinely-extended
- haskellPackages.simple-affine-space
3 months, 3 weeks ago
@LeSuisse accepted 3 months, 3 weeks ago
@LeSuisse published on GitHub 3 months, 3 weeks ago

AFFiNE: One-click Remote Code Execution through Custom URL Handling

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim’s machine, without further interaction. This issue has been patched in version 0.25.4.

References

https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965 x_refsource_CONFIRM
https://github.com/toeverything/AFFiNE/pull/13864 x_refsource_MISC
https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80 x_refsource_MISC

Affected products

AFFiNE

==< 0.25.4

Matching in nixpkgs

pkgs.affine

Workspace with fully merged docs, whiteboards and databases

nixos-unstable 0.26.2
- nixpkgs-unstable 0.26.2
- nixos-unstable-small 0.26.2

pkgs.affine-bin

Workspace with fully merged docs, whiteboards and databases

nixos-unstable 0.18.1
- nixpkgs-unstable 0.18.1
- nixos-unstable-small 0.18.1

Ignored packages (10)

pkgs.python312Packages.affine

None

pkgs.python313Packages.affine

Matrices describing affine transformation of the plane

nixos-unstable 2.4.0
- nixpkgs-unstable 2.4.0
- nixos-unstable-small 2.4.0

pkgs.python314Packages.affine

Matrices describing affine transformation of the plane

nixos-unstable 2.4.0
- nixpkgs-unstable 2.4.0
- nixos-unstable-small 2.4.0

pkgs.python312Packages.affinegap

None

pkgs.python313Packages.affinegap

Cython implementation of the affine gap string distance

nixos-unstable 2
- nixpkgs-unstable 2
- nixos-unstable-small 2

pkgs.python314Packages.affinegap

Cython implementation of the affine gap string distance

nixos-unstable 2
- nixpkgs-unstable 2
- nixos-unstable-small 2

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0

pkgs.haskellPackages.simple-affine-space

A simple library for affine and vector spaces

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1

Package maintainers

@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
@ri-char richar
@redyf Mateus Alves <mateusalvespereira7@gmail.com>

Upstream advisory: https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0499