Browse all 8 CVE security advisories affecting docmost. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Docmost is an open-source collaborative documentation platform designed for team knowledge management and content sharing. Historically, it has been susceptible to multiple security vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, with eight CVEs documented to date. These vulnerabilities often stem from improper input validation, insufficient access controls, and insecure deserialization. While no major public security incidents have been widely reported, the consistent discovery of critical vulnerabilities highlights the importance of regular security updates and proper configuration. Organizations implementing Docmost should prioritize timely patching and security hardening to mitigate potential risks associated with these documented vulnerabilities.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40927 | Docmost: XSS in Comments with JavaScript URI | docmost | CWE-79 | 5.4 | Medium | 2026-04-21 |
| CVE-2026-34213 | Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation | docmost | CWE-639 | 5.4 | Medium | 2026-04-14 |
| CVE-2026-34212 | Docmost page content has stored XSS via unsanitized attachment URLs | docmost | CWE-79 | 5.4 | Medium | 2026-04-14 |
| CVE-2026-33193 | Docmost vulnerable to stored XSS via MIME type spoofing | docmost | CWE-79 | 4.6 | Medium | 2026-04-14 |
| CVE-2026-33146 | Docmost's Public Share Search Exposes Metadata of Restricted Children | docmost | CWE-285 | 4.3 | Medium | 2026-04-14 |
| CVE-2026-24045 | Docmost Affected by Stored XSS in Public Share Page | docmost | CWE-79 | 7.3 | High | 2026-02-10 |
| CVE-2026-23630 | Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering | docmost | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-22249 | Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip) | docmost | CWE-22 | 7.1 | High | 2026-01-15 |

This page lists every published CVE security advisory associated with docmost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.