CVE-2026-40300— Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history
Possible ATT&CK Techniques 1AI
T1005 · Data from Local SystemGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40300
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history
Source: NVD (National Vulnerability Database)
Vulnerability Description
Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulnerability is fixed in 12.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Zulip 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zulip是美国Zulip公司的一款功能强大的开源群聊应用程序。用于将实时聊天的即时性与线程对话的生产力优势相结合。 Zulip 12.0之前版本存在访问控制错误漏洞,该漏洞源于当message_edit_history_visibility_policy设置为moves时,/api/v1/messages/{id}/history仍返回历史内容值,可能导致低权限用户恢复其他用户消息中被编辑的文本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-40300
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40300
请登录查看更多情报信息。
- https://github.com/zulip/zulip/security/advisories/GHSA-jp8f-mvv6-89crx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-40300
IV. Related Vulnerabilities
Same product: zulip
- CVE-2026-26058
Zulip: Path Traversal in Import - CVE-2026-25742
Zulip: Anonymous File Access After Disabling Spectator Acces - CVE-2026-25741
Zulip Vulnerable to Modification of Payment Method (Stripe D - CVE-2026-24050
Zulip affected by Stored XSS in user profile modal - CVE-2025-52559
Zulip XSS in digest preview URL
Same vendor: zulip
- CVE-2026-26058
Zulip: Path Traversal in Import - CVE-2026-25742
Zulip: Anonymous File Access After Disabling Spectator Acces - CVE-2026-25741
Zulip Vulnerable to Modification of Payment Method (Stripe D - CVE-2026-24050
Zulip affected by Stored XSS in user profile modal - CVE-2025-52559
Zulip XSS in digest preview URL
Same weakness: CWE-284
- CVE-2026-8752
h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java - CVE-2026-45301
Open WebUI: Missing permission check in files API allows aut - CVE-2026-44556
Open WebUI: responses passthrough endpoint lacks access cont - CVE-2026-44774
Traefik: Gateway API TraefikService backend accepts rest@int - CVE-2025-0040
NXP JTAG-AXI访问控制漏洞
V. Comments for CVE-2026-40300
No comments yet