Description

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0.

INFO

Published Date :

2026-03-02T19:14:05.003Z

Last Modified :

2026-03-02T20:30:32.614Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25477 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25477.

URL Resource
https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability