Skip to main content

Seahub CVE-2026-56768

| EUVDEUVD-2026-39520 HIGH
Missing Authorization (CWE-862)
2026-06-25 VulnCheck GHSA-w52g-25r7-3c46
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable, low-complexity bypass needing only a share-link token (PR:L, no UI); impact is mass disclosure of shared files so C:H, with no evidenced integrity or availability impact (I:N/A:N).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 25, 2026 - 18:52 vuln.today
Analysis Generated
Jun 25, 2026 - 18:52 vuln.today

DescriptionCVE.org

Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory trees.

AnalysisAI

Authorization bypass in Seahub (the Seafile web frontend) before 13.0.23 lets a holder of a folder share-link token call GET /api/v2.1/share-link-zip-task/ without honoring the SHARE_LINK_LOGIN_REQUIRED policy, obtaining a fileserver zip token to download entire shared directory trees. Classified as CWE-862 (Missing Authorization) and reported by VulnCheck with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain leaked folder share-link token
Delivery
Send GET to /api/v2.1/share-link-zip-task/
Exploit
Bypass SHARE_LINK_LOGIN_REQUIRED check
Execution
Receive fileserver zip token
Impact
Download entire shared directory tree

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid folder share-link token for the target Seahub instance and that the deployment relies on the SHARE_LINK_LOGIN_REQUIRED setting being enabled (the very control the bug bypasses); the attack targets the GET method of /api/v2.1/share-link-zip-task/ to mint a fileserver zip token for the linked folder. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) scores 8.7 (High) and reflects a network-reachable, low-complexity attack with low privileges and no user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who obtains or guesses a folder share-link token - for example one leaked in a forwarded email, chat, or referrer log - sends a GET request to /api/v2.1/share-link-zip-task/ on a Seahub instance that has SHARE_LINK_LOGIN_REQUIRED enabled. Instead of being forced to log in, the attacker receives a fileserver zip token and downloads the entire shared directory tree. …
Remediation Upgrade Seahub to the fixed release: Vendor-released patch: 13.0.23, which adds the SHARE_LINK_LOGIN_REQUIRED enforcement to the GET handler (see fix commits https://github.com/haiwen/seahub/commit/b609949cf64ed6a15708d0fb5ea9c179962e23cc and https://github.com/haiwen/seahub/commit/162cddae0831188d02bb8d451dc2193e197dcc57, and the VulnCheck advisory https://www.vulncheck.com/advisories/seahub-authentication-bypass-in-sharelinkziptaskview-get-method). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Seahub deployments and identify instances running versions before 13.0.23; prioritize internet-facing or sensitive-data instances. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56768 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy