All 3 CVE vulnerabilities found in AFFiNE, with AI-generated Chinese analysis, references, and POCs.
Vendor: toeverything
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25477 | AFFiNE: Open Redirect via Regex Bypass in redirect-proxy CWE-601 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-21853 | AFFiNE: One-click Remote Code Execution through Custom URL Handling CWE-94 | 8.8 | High | 2026-03-02 |
| CVE-2025-11945 | toeverything AFFiNE Avatar Upload Image Endpoint cross site scripting CWE-79 | 3.5 | Low | 2025-10-19 |
All 3 known CVE vulnerabilities affecting AFFiNE with full Chinese analysis, references, and POCs where available.