ONLYOFFICE/DocSpace

GitHub

github.com

www.onlyoffice.com

Releases30

Frequency1 month 3 weeks

Last Release 6 months ago

Stars257

ONLYOFFICE DocSpace is a room-based collaborative platform which allows organizing a clear file structure depending on users' needs or project goals. Flexible access permissions and user roles allow fine-tuning the access to the whole space or separate rooms.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-38587 ↗	May 26, 2026Tuesday, 26 May 2026, 16:16	4.3 MEDIUM	—
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique identifier (ID) and profile information, which should only be accessible to administrators.