CVE-2026-27579
Published: 21 February 2026
Summary
CVE-2026-27579 is a high-severity Origin Validation Error (CWE-346) vulnerability. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 0.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2026-27579 is a cross-origin resource sharing (CORS) misconfiguration vulnerability affecting all versions of CollabPlatform, a full-stack real-time document collaboration platform. The issue resides in the Appwrite project used by the application, which is incorrectly set to allow arbitrary origins in CORS responses while also permitting credentialed requests. This enables unauthorized cross-origin access to sensitive data.
Attackers can exploit this vulnerability from any network location without privileges by controlling a malicious domain and tricking an authenticated user into interacting with it, such as via a phishing link (user interaction required). Successful exploitation allows the attacker to issue authenticated cross-origin requests and exfiltrate sensitive user account information from the Appwrite instance, including email addresses, account identifiers, and MFA status. The vulnerability has a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N), reflecting high confidentiality impact with changed scope.
The GitHub security advisory at https://github.com/karnop/realtime-collaboration-platform/security/advisories/GHSA-qh5m-p8jh-hx88, published on 2026-02-21, states that no fix was available at the time of disclosure. Practitioners should monitor for updates from the CollabPlatform maintainers and consider isolating or reconfiguring Appwrite instances to enforce strict origin policies in the interim.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7707
Vulnerability details
CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue authenticated…
more
cross-origin requests and read sensitive user account information, including email address, account identifiers, and MFA status. The issue did not have a fix at the time of publication.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CORS misconfiguration in public-facing CollabPlatform/Appwrite instance directly enables cross-origin authenticated requests; exploitation explicitly requires spearphishing link to lure authenticated user to attacker-controlled origin for data exfil.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces information flow rules between origins, preventing the arbitrary cross-origin credentialed requests that enable exfiltration of Appwrite user data.
Implements boundary protection mechanisms that restrict unauthorized cross-origin flows to the Appwrite backend, blocking the described CORS misconfiguration.
Enforces approved access authorizations at the application boundary, which the permissive CORS policy violates to allow unauthenticated cross-origin reads.