Medium severity4.3NVD Advisory· Published May 26, 2026· Updated May 26, 2026
CVE-2026-38587
CVE-2026-38587
Description
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique identifier (ID) and profile information, which should only be accessible to administrators.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <3.2.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.