Cyber Resilience

CVE-2026-22867

High

Published: 15 January 2026

Published
15 January 2026
Modified
12 March 2026
KEV Added
Patch
CVSS Score v3.1 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS Score 0.0025 16.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-22867 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Lasuite Docs. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked at the 16.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2026-22867 is a Stored Cross-Site Scripting (XSS) vulnerability, classified under CWE-79, affecting LaSuite Doc, a collaborative note-taking, wiki, and documentation platform. The issue resides in the Interlinking feature across versions 3.8.0 through 4.3.0, where the editor fails to validate URLs used in links to other documents. This allows injection of malicious javascript: URLs. The vulnerability carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to its network accessibility, low attack complexity, and potential for high confidentiality and integrity impacts with cross-origin privileges.

An attacker with document editing privileges can exploit this by crafting a link with a malicious javascript: payload during document creation or editing. When other users interact with the document and click the link, the payload executes arbitrary JavaScript in their browser context, potentially leading to session hijacking, data theft, or further compromise within the application's scope.

Mitigation is available in LaSuite Doc version 4.4.0, which addresses the URL validation flaw. Relevant resources include the fixing commit at https://github.com/suitenumerique/docs/commit/e807237dbedbc189230296b81c3aeccc1c04fa77, the release notes at https://github.com/suitenumerique/docs/releases/tag/v4.4.0, and the GitHub security advisory at https://github.com/suitenumerique/docs/security/advisories/GHSA-4rwv-ghwh-9rv6. Security practitioners should prioritize upgrading affected instances and review editing permissions.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL…

more

of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. This vulnerability is fixed in 4.4.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stored XSS directly enables browser JS execution (T1059.007) and session hijacking (T1185) via malicious link clicks; exploitation occurs against a public-facing web app (T1190).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2022-50905Shared CWE-79
CVE-2025-27271Shared CWE-79
CVE-2025-40587Shared CWE-79
CVE-2025-0918Shared CWE-79
CVE-2025-69096Shared CWE-79
CVE-2025-13761Shared CWE-79
CVE-2024-13690Shared CWE-79
CVE-2025-68012Shared CWE-79
CVE-2025-22766Shared CWE-79
CVE-2026-27359Shared CWE-79

Affected Assets

lasuite
docs
3.8.0 — 4.3.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lack of URL validation in the Interlinking feature by requiring checks on user-supplied link URLs to block malicious javascript: schemes.

prevent

Filters or encodes output of stored links prior to rendering, preventing execution of injected javascript: payloads when users click them.

prevent

Ensures timely identification, reporting, and patching of the specific Stored XSS flaw fixed in LaSuite Doc version 4.4.0.

References