Nixpkgs security tracker

Details of issue NIXPKGS-2026-1370

NIXPKGS-2026-1370
published on
CVE-2026-7702
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
updated an hour ago by @LeSuisse

Activity log
  • Created suggestion
  • @LeSuisse ignored
    2 references
  • @LeSuisse ignored
    11 packages
    • python312Packages.affine
    • python313Packages.affine
    • python314Packages.affine
    • python312Packages.affinegap
    • python313Packages.affinegap
    • python314Packages.affinegap
    • python312Packages.affine-gaps
    • python313Packages.affine-gaps
    • python314Packages.affine-gaps
    • haskellPackages.affinely-extended
    • haskellPackages.simple-affine-space
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

AFFiNE
  • ==0.26.1
  • ==0.26.0
  • ==0.26.3
  • ==0.26.2

Matching in nixpkgs

pkgs.affine

Workspace with fully merged docs, whiteboards and databases

Ignored packages (11)

pkgs.python313Packages.affinegap

Cython implementation of the affine gap string distance

  • nixos-unstable 2
    • nixpkgs-unstable 2
    • nixos-unstable-small 2
  • nixos-25.11 1.12
    • nixos-25.11-small 1.12
    • nixpkgs-25.11-darwin 1.12

Package maintainers