Skip to main content

Seahub

1 CVEs product

Monthly

CVE-2026-56768 HIGH PATCH This Week

Authorization bypass in Seahub (the Seafile web frontend) before 13.0.23 lets a holder of a folder share-link token call GET /api/v2.1/share-link-zip-task/ without honoring the SHARE_LINK_LOGIN_REQUIRED policy, obtaining a fileserver zip token to download entire shared directory trees. Classified as CWE-862 (Missing Authorization) and reported by VulnCheck with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS data was not provided in the input.

Authentication Bypass Seahub
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Authorization bypass in Seahub (the Seafile web frontend) before 13.0.23 lets a holder of a folder share-link token call GET /api/v2.1/share-link-zip-task/ without honoring the SHARE_LINK_LOGIN_REQUIRED policy, obtaining a fileserver zip token to download entire shared directory trees. Classified as CWE-862 (Missing Authorization) and reported by VulnCheck with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS data was not provided in the input.

Authentication Bypass Seahub
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy