CVE-2026-27579
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Description
CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue authenticated cross-origin requests and read sensitive user account information, including email address, account identifiers, and MFA status. The issue did not have a fix at the time of publication.
Analysis
CollabPlatform's misconfigured CORS policy allows credentialed cross-origin requests from attacker-controlled domains, enabling unauthorized access to sensitive user account data including email addresses, account identifiers, and MFA status. All versions of the application are affected by this vulnerability, which remains unpatched and exploitable through simple web-based attacks requiring user interaction.
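The misconfiguration described above, seen from the defender's side (an added example, not code from CollabPlatform, Appwrite or this advisory): `corsHeadersFor` sketches an exact-match allowlist policy and `auditCorsResponse` flags responses that let a non-allowlisted origin read credentialed data. The function names, the allowlist and the `example.test` origins are assumptions made for illustration.

```javascript
// Added example. The allowlist and all origins below are constructed placeholders.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);

// Hardened policy: CORS headers are emitted only for an exact allowlist match.
function corsHeadersFor(origin, allowed = ALLOWED_ORIGINS) {
  if (!origin || !allowed.has(origin)) return {}; // no ACAO: browser blocks the read
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // stop caches reusing one origin's headers for another
  };
}

// Audit check: probeOrigin is the Origin header an auditor sent, headers is the
// response observed. Returns findings for the pattern in this advisory.
function auditCorsResponse(probeOrigin, headers, allowed = ALLOWED_ORIGINS) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const acao = h["access-control-allow-origin"];
  const creds = (h["access-control-allow-credentials"] || "").toLowerCase() === "true";
  const findings = [];
  if (acao === undefined) return findings;
  if (acao === "*" && creds) {
    // Browsers refuse credentialed reads with "*", but the pairing shows the
    // policy was never scoped to known origins.
    findings.push("wildcard-with-credentials");
  } else if (acao === probeOrigin && !allowed.has(probeOrigin)) {
    findings.push(creds ? "untrusted-origin-readable-with-credentials"
                        : "untrusted-origin-readable");
  }
  if (acao !== "*" && !/(^|,)\s*origin\s*(,|$)/i.test(h["vary"] || "")) {
    findings.push("missing-vary-origin");
  }
  return findings;
}

// Constructed sample responses: a reflecting policy versus the hardened one.
const untrusted = "https://untrusted.example.test";
const reflecting = {
  "Access-Control-Allow-Origin": untrusted,
  "Access-Control-Allow-Credentials": "true",
};
console.log(auditCorsResponse(untrusted, reflecting));
console.log(auditCorsResponse(untrusted, corsHeadersFor(untrusted)));
console.log(auditCorsResponse("https://app.example.test",
                              corsHeadersFor("https://app.example.test")));
```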
Remediation
Within 24 hours: Identify all CollabPlatform instances and document which contain sensitive data; notify users of the vulnerability and advise against using the platform for confidential information until remediation is complete. Within 7 days: Implement WAF rules to restrict CORS headers and block requests with suspicious Origin headers; configure network segmentation to limit CollabPlatform access; contact vendor for timeline on patch availability. …