Toeverything Affine
4 CVEs affecting Toeverything Affine. Latest disclosed: 2026-05-03. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-21853 | High | 8.8 | 2026-03-02 | AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This… |
CVE-2026-7702 | Medium | 5.3 | 2026-05-03 | A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of… |
CVE-2025-11945 | Low | 3.5 | 2025-10-19 | A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such… |
CVE-2026-25477 | | 2026-03-02 | AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redire… |