CVE-2026-34213 | docmost up to 0.70.x Attachments /api/files/upload attachmentId authorization (GHSA-89fp-2hch-j9gp)

A vulnerability was found in docmost up to 0.70.x. It has been classified as problematic. This vulnerability affects unknown code of the file /api/files/upload of the component Attachments Handler. The manipulation of the argument attachmentId leads to authorization bypass.

This vulnerability is referenced as CVE-2026-34213. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More