CVE-2026-38587 | ONLYOFFICE DocSpace up to 3.2.0 REST API resource injection

A vulnerability described as problematic has been identified in ONLYOFFICE DocSpace up to 3.2.0. This affects an unknown part of the component REST API. The manipulation results in improper control of resource identifiers.

This vulnerability is cataloged as CVE-2026-38587. The attack must originate from the local network. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More