CVE-2026-21853
Severity: HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker, and the website redirects to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE's custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim's machine, without further interaction. This issue has been patched in version 0.25.4.
Analysis
Remote code execution in AFFiNE prior to version 0.25.4 allows unauthenticated attackers to execute arbitrary code on victim machines through crafted affine: scheme URLs embedded on websites or in user-generated content. When a victim clicks a crafted link or visits a malicious or compromised site that auto-redirects to such a URL, the browser hands the URL to the registered affine: protocol handler and the AFFiNE application processes the payload without additional user interaction, enabling complete system compromise. …
Remediation
Within 24 hours: Identify all AFFiNE installations and versions in use; notify users to avoid clicking affine: protocol links from untrusted sources; disable the affine: protocol handler if not operationally required. Within 7 days: Implement network segmentation to restrict AFFiNE application access; deploy email gateway rules to block affine: URLs in messages; conduct asset inventory of affected systems. …
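The remediation above asks for two checks a defender can automate: flagging installed AFFiNE versions older than the patched 0.25.4, and finding affine: scheme URLs in inbound messages so a mail gateway or content filter can block them. The following script is an added example written for this page; it is not code from vuln.today or from the AFFiNE project. The version strings and message bodies it scans are constructed sample data, and the regular expression is a deliberately broad gateway-style match (case-insensitive, HTML entities decoded first so an entity-encoded colon is still recognised), not a reproduction of the vulnerable URL format.

```python
import html
import re
from typing import Dict, List, Tuple

# Patched release from the advisory: anything older is affected.
PATCHED_VERSION: Tuple[int, ...] = (0, 25, 4)

# Matches an affine: scheme URL, case-insensitively, up to the first whitespace
# or HTML delimiter. Broad on purpose: a blocking rule wants every variant.
AFFINE_URL_RE = re.compile(r"(?i)\baffine:[^\s\"'<>]+")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '0.25.3', 'v0.25.4' or '0.25.4-canary' into a comparable tuple.

    Assumption (not from the advisory): a pre-release suffix is ignored and
    only the numeric core is compared.
    """
    core = version.strip().lstrip("vV").split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))


def is_vulnerable_version(version: str) -> bool:
    """True when the installed AFFiNE version predates the 0.25.4 fix."""
    return parse_version(version) < PATCHED_VERSION


def find_affine_urls(text: str) -> List[str]:
    """Return every affine: URL found in a message body or HTML fragment.

    HTML entities are decoded first so that an obfuscated form such as
    'affine&#58;//...' is seen as the scheme the browser would decode it to.
    """
    decoded = html.unescape(text)
    return AFFINE_URL_RE.findall(decoded)


def scan_messages(messages: Dict[str, str]) -> Dict[str, List[str]]:
    """Map message id -> affine: URLs, keeping only messages that contain one.

    A gateway rule would quarantine or strip the links from every id returned.
    """
    hits: Dict[str, List[str]] = {}
    for message_id, body in messages.items():
        urls = find_affine_urls(body)
        if urls:
            hits[message_id] = urls
    return hits


# Constructed sample data for a stand-alone run; none of it comes from the page.
SAMPLE_INSTALLS = {"laptop-01": "0.25.3", "laptop-02": "v0.25.4", "laptop-03": "0.9.10"}
SAMPLE_MESSAGES = {
    "msg-1": 'Meeting notes: <a href="affine://open?doc=EXAMPLE">open in AFFiNE</a>',
    "msg-2": "Plain text with an entity-encoded scheme: affine&#58;//open?doc=EXAMPLE",
    "msg-3": "No custom-scheme links here, just https://example.invalid/",
}

if __name__ == "__main__":
    for host, version in SAMPLE_INSTALLS.items():
        state = "VULNERABLE (< 0.25.4)" if is_vulnerable_version(version) else "patched"
        print(f"{host}: AFFiNE {version} -> {state}")
    for message_id, urls in scan_messages(SAMPLE_MESSAGES).items():
        print(f"{message_id}: block/quarantine, affine: URLs found: {urls}")
```

Run as a script it prints which sample hosts still need the upgrade and which sample messages a gateway rule would hold back; in practice the two maps would be fed from an asset inventory and the mail pipeline.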