<Vulnerability name="CVE-2026-59262">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-07-08T15:44:07</PublicDate>
    <Bugzilla id="2498132" url="https://bugzilla.redhat.com/show_bug.cgi?id=2498132" xml:lang="en:us">
AFFiNE: AFFiNE: Information disclosure via histories GraphQL field
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>6.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-639</CWE>
    <Details xml:lang="en:us" source="Mitre">
AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails, and timestamps of private pages they lack access to.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in AFFiNE. This vulnerability allows an authenticated workspace member to bypass document read permissions by supplying arbitrary document Globally Unique Identifiers (GUIDs) to the histories GraphQL field. This can lead to information disclosure, enabling attackers to retrieve full edit histories, including user names, emails, and timestamps, of private pages they are not authorized to access.
    </Details>
    <Statement xml:lang="en:us">
This Moderate impact information disclosure flaw in AFFiNE allows authenticated workspace members to bypass document read permissions. By supplying arbitrary document GUIDs to the histories GraphQL field, attackers can retrieve full edit histories, including user names, emails, and timestamps, of private pages they are not authorized to access. This issue primarily affects deployments of AFFiNE and does not directly impact Red Hat products.
    </Statement>
    <PackageState cpe="cpe:/a:redhat:ai_inference_server:3">
        <ProductName>Red Hat AI Inference Server</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhaiis/vllm-cpu-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ai_inference_server:3">
        <ProductName>Red Hat AI Inference Server</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhaiis/vllm-cuda-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ai_inference_server:3">
        <ProductName>Red Hat AI Inference Server</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhaiis/vllm-rocm-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ai_inference_server:3">
        <ProductName>Red Hat AI Inference Server</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhaiis/vllm-tpu-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ai_inference_server:3">
        <ProductName>Red Hat AI Inference Server</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhaii/vllm-cpu-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ai_inference_server:3">
        <ProductName>Red Hat AI Inference Server</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhaii/vllm-cuda-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhelai3/bootc-aws-cuda-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhelai3/bootc-azure-cuda-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhelai3/bootc-cuda-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhelai3/bootc-gcp-cuda-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift_ai">
        <ProductName>Red Hat OpenShift AI (RHOAI)</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhoai/odh-mlflow-rhel9</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-59262
https://nvd.nist.gov/vuln/detail/CVE-2026-59262
https://github.com/toeverything/AFFiNE
https://github.com/toeverything/AFFiNE/commit/1f0bcd01a37a522393fc1b288395e3a72a79ccad
https://github.com/toeverything/AFFiNE/issues/15179
https://www.vulncheck.com/advisories/affine-unauthorized-document-edit-history-access-via-graphql-histories-field
    </References>
</Vulnerability>