CVE-2026-25642

by Fred · 06/02/2026

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.6, files served below the /uploads/ endpoint did not use a more strict security-policy. This resulted in a too open Content-Security-Policy and furthermore opened the possibility to host malicious interactive web content (such as fake login forms) using SVG files. This vulnerability is fixed in 1.10.6.

More information : https://github.com/hedgedoc/hedgedoc/commit/74daa0e7a1cbfafd9aeb255eaf064dfe47cd401c

CVE-2026-25642

Similar

Recent Posts

Categories

CVE-2026-25642

Share this:

Similar

Recent Posts

Categories

Tags