PT-2026-6642 · Collabora+1 · Collabora Online Development Edition+2
Caolanm
·
Published
2026-02-05
·
Updated
2026-02-06
·
CVE-2026-23623
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Collabora Online versions prior to 23.05.20.1
Collabora Online versions prior to 24.04.17.3
Collabora Online versions prior to 25.04.7.5
Collabora Online Development Edition versions prior to 25.04.08.2
Description
Collabora Online is a collaborative online office suite based on LibreOffice technology. A user with view-only rights and no download privileges can obtain a local copy of a shared file. Pressing Ctrl+Shift+S initiates the file download process, bypassing access restrictions and leading to unauthorized data retrieval.
Recommendations
Update Collabora Online to version 23.05.20.1 or later.
Update Collabora Online to version 24.04.17.3 or later.
Update Collabora Online to version 25.04.7.5 or later.
Update Collabora Online Development Edition to version 25.04.08.2 or later.
Exploit
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Collabora Online
Collabora Online Development Edition
Libreoffice