Security: CollaboraOnline/online
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
CVE-2026-48164 Reflected HTML injection in Collabora Online cool.htmlGHSA-wgmm-q3ch-64jj published
Jun 24, 2026 by caolanmModerate -
CVE-2026-46499 Read-only session enforcement bypass allows document modification within a live sessionGHSA-27j2-3cqv-cc5q published
Jun 24, 2026 by caolanmModerate -
CVE-2026-23623 Authorization Bypass: ability to download read-only files in Collabora OnlineGHSA-68v6-r6qq-mmq2 published
Feb 5, 2026 by caolanmModerate -
CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxyGHSA-j3q6-q5pc-v5wf published
Dec 3, 2025 by caolanmModerate -
CVE-2025-27791 Arbitrary file write outside with malicious WOPI serverGHSA-9j32-gg3j-8w25 published
Apr 15, 2025 by caolanmHigh -
CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros EnabledGHSA-4jjq-vgqp-qw45 published
Mar 6, 2025 by caolanmModerate -
CVE-2024-5261 TLS certificates are not properly verified when utilizing LibreOfficeKitGHSA-crg3-fjm2-xvpq published
Jul 3, 2024 by caolanmLow -
CVE-2024-37311 Remote host TLS certificates are not fully verifiedGHSA-hvhm-5c44-977x published
Aug 23, 2024 by caolanmHigh -
CVE-2024-29182 Stored Cross-Site-Scripting vulnerability via tooltipGHSA-9gmw-5q2c-4398 published
Apr 2, 2024 by caolanmHigh -
CVE-2024-45045 JavaScript Injection via url encoded values in linksGHSA-78cg-rg4q-26qv published
Aug 29, 2024 by caolanmModerate