CNNVD-202601-2574 Information

CNNVD ID

CNNVD-202601-2574

Related CVE

CVE-2026-22249

• CNNVD Published: 2026-01-15

Description (Chinese)

Docmost是Docmost开源的一个开协作维基和文档软件。 Docmost 0.24.0之前版本存在安全漏洞，该漏洞源于ZIP导入功能对文件名缺少验证，可能导致任意文件写入。

Description (English)

Dochost is an open collaborative wiki and document software for Docchost Open Source. There was a security loophole in the pre-Dochost 0.24.0 version, which stemmed from the lack of ZIP import authentication of file names, which could lead to the writing of any document.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Docmost

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/docmost/docmost/commit/c3b350d943108552e20654580005cd6f6c78ab05 https://github.com/docmost/docmost/pull/1753 https://github.com/docmost/docmost/releases/tag/v0.24.0 https://github.com/docmost/docmost/security/advisories/GHSA-54pm-hqxm-54wg

Patch

https://github.com/docmost/docmost/releases