PT-2026-32931 · Docmost · Docmost

0Xmrma · Published 2026-04-14 · Updated 2026-04-15 · CVE-2026-34213

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Docmost versions 0.3.0 through 0.70.x
Description: Improper authorization allows a low-privileged authenticated user to overwrite an attachment belonging to another page within the same workspace by supplying the victim's attachmentId to the endpoint '/api/files/upload'. This is a remote integrity issue that requires no interaction from the victim.
Recommendations: Update to version 0.71.0.
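
The authorization gap described above, reduced to an in-memory upload handler as an added example (not Docmost's code and not its actual fix). All types, function names, identifiers and sample data are hypothetical, and the hardened check is one assumed way to bind a client-supplied attachmentId to the page the caller was authorized on.

```typescript
// Added example: all types, names and data are hypothetical, not Docmost code.
interface Attachment { id: string; workspaceId: string; pageId: string; data: string; }
interface User { id: string; workspaceId: string; editablePageIds: string[]; }
interface UploadRequest { attachmentId?: string; pageId: string; data: string; }
type Store = { [id: string]: Attachment };

// Constructed sample data: att-1 sits on a page that only another user can edit.
function sampleStore(): Store {
  const store: Store = Object.create(null);
  store["att-1"] = { id: "att-1", workspaceId: "ws-1", pageId: "page-victim", data: "original" };
  return store;
}

function canEdit(user: User, pageId: string): boolean {
  return user.editablePageIds.indexOf(pageId) !== -1;
}

function nextId(store: Store): string {
  return "att-" + (Object.keys(store).length + 1);
}

// Flawed pattern: authorizes the page named in the request, then writes to
// whatever attachmentId the client supplied without tying it to that page.
function uploadUnchecked(store: Store, user: User, req: UploadRequest): string {
  if (!canEdit(user, req.pageId)) return "403";
  const id: string = req.attachmentId ? req.attachmentId : nextId(store);
  store[id] = { id: id, workspaceId: user.workspaceId, pageId: req.pageId, data: req.data };
  return "200";
}

// Hardened pattern: an existing attachment may be replaced only when it belongs
// to the caller's workspace and to the same page the caller was authorized on.
// Unknown client-supplied ids are ignored and a server-side id is issued instead.
function uploadChecked(store: Store, user: User, req: UploadRequest): string {
  if (!canEdit(user, req.pageId)) return "403";
  const existing: Attachment | undefined = req.attachmentId ? store[req.attachmentId] : undefined;
  if (existing && (existing.workspaceId !== user.workspaceId || existing.pageId !== req.pageId)) {
    return "403"; // attachmentId resolves to an object outside the authorized page
  }
  const id: string = existing ? existing.id : nextId(store);
  store[id] = { id: id, workspaceId: user.workspaceId, pageId: req.pageId, data: req.data };
  return "200";
}
```

A regression test for the fixed version would assert the second behaviour: a request that pairs the caller's own pageId with another page's attachmentId is rejected and the stored object is unchanged.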

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2026-34213

Affected Products: Docmost