๐Ÿ” CVE Alert

CVE-2026-25477

UNKNOWN 0.0

AFFiNE: Open Redirect via Regex Bypass in redirect-proxy

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0.
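
The class of flaw described above, as an added example (not AFFiNE's code and not taken from the advisory). It assumes a pattern anchored only at the end of the host; the allowlisted host `trusted.example`, the pattern and the function names are constructed for illustration. The weak check is shown beside a hardened one that compares the parsed hostname as a whole.

```javascript
// Added illustration. The allowlist, pattern and sample URLs are constructed;
// this is not AFFiNE's redirect-proxy code.
const TRUSTED_HOSTS = ['trusted.example'];

// Weak check (assumed shape of the flaw): "$" pins the end of the host, but
// nothing pins the start, so any host ending in the trusted string matches.
const WEAK_PATTERN = /trusted\.example$/;

function weakIsAllowed(target) {
  try {
    return WEAK_PATTERN.test(new URL(target).hostname);
  } catch {
    return false; // unparseable input is never a valid redirect target
  }
}

// Hardened check: parse once, restrict the scheme, then compare the whole
// hostname. Subdomains pass only when enabled, and only on a label boundary.
function strictIsAllowed(target, allowSubdomains = false) {
  let url;
  try {
    url = new URL(target);
  } catch {
    return false;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  return TRUSTED_HOSTS.some(
    (d) => host === d || (allowSubdomains && host.endsWith('.' + d))
  );
}

// Constructed inputs: one legitimate target, one suffix lookalike, one subdomain.
const SAMPLES = [
  'https://trusted.example/page',
  'https://nottrusted.example/page',
  'https://sub.trusted.example/page',
];

function compare(samples) {
  return samples.map((t) => ({
    target: t,
    weak: weakIsAllowed(t),
    strict: strictIsAllowed(t),
  }));
}

for (const row of compare(SAMPLES)) console.log(row);
```

The same comparison works as a regression test: every host the allowlist should reject must return `false` from the check that guards the redirect.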

CWE: CWE-601
Vendor: toeverything
Product: affine
Published: Mar 2, 2026
Last Updated: Mar 2, 2026

Affected Versions

toeverything / AFFiNE
< 0.26.0

References

github.com: https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289