PatchSiren

affine CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH affine CVE published 2026-07-08

CVE-2026-59262

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines by supplying arbitrary document GUIDs. This vulnerability affects users with access to sensitive documents, who should be aware and take steps to protect their data.