Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-21853
Awaiting Analysis
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-02 Mar, 2026 | 19:16
Updated At-02 Mar, 2026 | 20:29

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim’s machine, without further interaction. This issue has been patched in version 0.25.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-94Primarysecurity-advisories@github.com
CWE ID: CWE-94
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80security-advisories@github.com
N/A
https://github.com/toeverything/AFFiNE/pull/13864security-advisories@github.com
N/A
https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965security-advisories@github.com
N/A
Hyperlink: https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/toeverything/AFFiNE/pull/13864
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965
Source: security-advisories@github.com
Resource: N/A
Change History
0Changes found
Details not found