CVE-2026-27579
CollabPlatform : CORS Misconfiguration Allows Arbitrary Origin With Credentials Leading to Authenticated Account Data Exposure
CVSS Score
7.4
EPSS Score
0.0%
EPSS Percentile
0th
CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue authenticated cross-origin requests and read sensitive user account information, including email address, account identifiers, and MFA status. The issue did not have a fix at the time of publication.
| CWE | CWE-346 CWE-942 |
| Vendor | karnop |
| Product | realtime-collaboration-platform |
| Published | Feb 21, 2026 |
| Last Updated | Feb 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for karnop realtime-collaboration-platform
Be the first to know when new high vulnerabilities affecting karnop realtime-collaboration-platform are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
karnop / realtime-collaboration-platform
<= master