Docmost: Low-Privilege User Can Overwrite Attachments
CVE-2026-34213
Summary
Docmost versions prior to 0.71.0 are affected, and a security patch is available. A low-privileged user in the same workspace can upload a file that overwrites another user's attachment without permission. Update to version 0.71.0 or later to fix this issue.
Original title
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated ...
Original description
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim `attachmentId` to `POST /api/files/upload`. This is a remote integrity issue requiring no victim interaction. Version 0.71.0 contains a patch.
NVD CVSS 3.1
5.4
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026
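The authorization gap in the description, as an added example that is not Docmost's code and not the 0.71.0 patch: an upload handler that authorizes the caller for the target page but selects the record to overwrite by the client-supplied `attachmentId`, beside a version that binds the existing attachment to that page. The store, users, pages and function names are constructed assumptions.

```typescript
// Constructed in-memory model of the upload flow. All names are hypothetical;
// this is not Docmost's code and not the 0.71.0 patch.
interface AttachmentRecord { id: string; pageId: string; creatorId: string; content: string; }
interface UploadRequest { userId: string; pageId: string; attachmentId?: string; content: string; }
type AttachmentStore = Record<string, AttachmentRecord>;

// Constructed sample permissions: the pages each user may edit.
const editablePages: Record<string, string[]> = { alice: ["page-a"], bob: ["page-b"] };

function canEditPage(userId: string, pageId: string): boolean {
  return (editablePages[userId] || []).indexOf(pageId) !== -1;
}

// Constructed sample state: one attachment created by alice on page-a.
function sampleStore(): AttachmentStore {
  return { "att-1": { id: "att-1", pageId: "page-a", creatorId: "alice", content: "alice-v1" } };
}

// Flawed pattern (CWE-639): the caller is authorized for req.pageId only, but the
// record to overwrite is selected by the client-supplied attachmentId.
function uploadUnchecked(store: AttachmentStore, req: UploadRequest): string {
  if (!canEditPage(req.userId, req.pageId)) throw new Error("forbidden");
  const id = req.attachmentId || "att-" + (Object.keys(store).length + 1);
  const existing = store[id];
  if (existing) {
    existing.content = req.content; // overwrites whichever page owns `id`
  } else {
    store[id] = { id, pageId: req.pageId, creatorId: req.userId, content: req.content };
  }
  return id;
}

// Hardened pattern: an existing record may only be replaced when it is bound to
// the page the caller was just authorized for.
function uploadChecked(store: AttachmentStore, req: UploadRequest): string {
  if (!canEditPage(req.userId, req.pageId)) throw new Error("forbidden");
  const existing = req.attachmentId ? store[req.attachmentId] : undefined;
  if (existing && existing.pageId !== req.pageId) {
    throw new Error("forbidden: attachment belongs to another page");
  }
  return uploadUnchecked(store, req);
}
```

The same binding check works as a review criterion for any endpoint that accepts an object identifier alongside a separately authorized parent resource.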