HIGH
affine
CVE published 2026-07-08
CVE-2026-59262
AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines by supplying arbitrary document GUIDs. This vulnerability affects users with access to sensitive documents, who should be aware and take steps to protect their data.