CVE-2026-27579
Published: 21 February 2026
Summary
CVE-2026-27579 is a high-severity Origin Validation Error (CWE-346) vulnerability. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 0.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requires unique identification of the service before communications, addressing failures to validate the origin of the interaction.
Trusted path establishment enforces validation that the communication originates from and reaches only the intended trusted system components.
Enforces validation of the true origin of DNS responses via signatures and chain-of-trust mechanisms.
Enforces origin validation of name/address data, eliminating reliance on unverified or impersonated DNS sources.
Mandates origin validation so that only legitimate endpoints can continue the authenticated session.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CORS misconfiguration in public-facing CollabPlatform/Appwrite instance directly enables cross-origin authenticated requests; exploitation explicitly requires spearphishing link to lure authenticated user to attacker-controlled origin for data exfil.
NVD Description
CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue authenticated…
more
cross-origin requests and read sensitive user account information, including email address, account identifiers, and MFA status. The issue did not have a fix at the time of publication.
Deeper analysisAI
CVE-2026-27579 is a cross-origin resource sharing (CORS) misconfiguration vulnerability affecting all versions of CollabPlatform, a full-stack real-time document collaboration platform. The issue resides in the Appwrite project used by the application, which is incorrectly set to allow arbitrary origins in CORS responses while also permitting credentialed requests. This enables unauthorized cross-origin access to sensitive data.
Attackers can exploit this vulnerability from any network location without privileges by controlling a malicious domain and tricking an authenticated user into interacting with it, such as via a phishing link (user interaction required). Successful exploitation allows the attacker to issue authenticated cross-origin requests and exfiltrate sensitive user account information from the Appwrite instance, including email addresses, account identifiers, and MFA status. The vulnerability has a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N), reflecting high confidentiality impact with changed scope.
The GitHub security advisory at https://github.com/karnop/realtime-collaboration-platform/security/advisories/GHSA-qh5m-p8jh-hx88, published on 2026-02-21, states that no fix was available at the time of disclosure. Practitioners should monitor for updates from the CollabPlatform maintainers and consider isolating or reconfiguring Appwrite instances to enforce strict origin policies in the interim.
Details
- CWE(s)