Open Redirect in Toeverything Affine
CVE-2026-25477
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an impr…
Vulnerability class: Open Redirect
EPSS: 0.000 (11.1th percentile)
Affected products
- Toeverything Affine — versions < 0.26.0
Weakness classification (CWE)
References
- https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289 (x_refsource_CONFIRM)