CVE-2026-38587
Gravedad CVSS v3.1:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
26/05/2026
Última modificación:
26/05/2026
Descripción
*** Pendiente de traducción *** An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique identifier (ID) and profile information, which should only be accessible to administrators.
Impacto
Puntuación base 3.x
4.30
Gravedad 3.x
MEDIA



