Description

Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download privileges can obtain a local copy of a shared file. Although there are no corresponding buttons in the interface, pressing Ctrl+Shift+S initiates the file download process. This allows the user to bypass the access restrictions and leads to unauthorized data retrieval. This issue has been patched in Collabora Online Development Edition version 25.04.08.2 and Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5.

INFO

Published Date :

2026-02-05T23:38:02.338Z

Last Modified :

2026-02-06T19:28:38.548Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23623 vulnerability.

Vendors Products
Collaboraoffice
  • Online
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23623.

URL Resource
https://github.com/CollaboraOnline/online/security/advisories/GHSA-68v6-r6qq-mmq2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact