cvedb.io
CVE-2026-25477
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2026-03-02T20:16:26.407 · Last modified 2026-06-17T10:24:42.100

Summary

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0.
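
An added illustration of the flaw class described above (not AFFiNE's code or its actual patch): a suffix-only regex check beside a host comparison made on a DNS label boundary. The allowlist entry trusted.example, the function names and the sample URLs are constructed assumptions.

```javascript
// Constructed allowlist entry; AFFiNE's real trusted domains are not shown on this page.
const TRUSTED = ['trusted.example'];

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Weak form: the pattern is anchored only at the end ("$"), so it accepts
// any hostname whose last characters are the trusted string.
function isAllowedWeak(rawUrl) {
  let host;
  try { host = new URL(rawUrl).hostname; } catch { return false; }
  return TRUSTED.some((d) => new RegExp(escapeRe(d) + '$').test(host));
}

// Hardened form: parse first, restrict the scheme, then require an exact host
// match or a match on a DNS label boundary (".trusted.example").
// Allowing subdomains is an assumption of this example.
function isAllowedStrict(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return false; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  return TRUSTED.some((d) => host === d || host.endsWith('.' + d));
}

// Constructed sample redirect targets.
const SAMPLES = [
  'https://trusted.example/page',
  'https://docs.trusted.example/x',
  'https://eviltrusted.example/',
  'https://trusted.example.attacker.test/',
  'not a url',
];

// Evaluate every sample with both checks so the difference is visible side by side.
function audit() {
  return SAMPLES.map((u) => ({ url: u, weak: isAllowedWeak(u), strict: isAllowedStrict(u) }));
}

console.log(audit());
```

The two checks differ only on the third sample, where the hostname ends with the trusted string without sitting on a label boundary.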

Affected products

affine — affine


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.