CVE-2026-5484

Published: Apr 03, 2026 Last Modified: Apr 03, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 is able to address this issue. This patch is called 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

266

Incorrect Privilege Assignment

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
View CWE Details
284

Improper Access Control

Incomplete
Abstraction: Pillar Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific, Web Based
View CWE Details
https://github.com/BookStackApp/BookStack/
https://github.com/BookStackApp/BookStack/
https://github.com/BookStackApp/BookStack/commit/8a59895ba0…
https://github.com/BookStackApp/BookStack/commit/8a59895ba063040cc8dafd82e94024…
https://github.com/BookStackApp/BookStack/releases/tag/v26.…
https://github.com/BookStackApp/BookStack/releases/tag/v26.03.1
https://github.com/Ghufran2/CVE-Bookstack/blob/main/Permiss…
https://github.com/Ghufran2/CVE-Bookstack/blob/main/Permission%20Bypass%20in%20…
https://vuldb.com/submit/781762
https://vuldb.com/submit/781762
https://vuldb.com/vuln/355091
https://vuldb.com/vuln/355091
https://vuldb.com/vuln/355091/cti
https://vuldb.com/vuln/355091/cti
https://www.bookstackapp.com/blog/bookstack-release-v26-03-…
https://www.bookstackapp.com/blog/bookstack-release-v26-03-1/