Description
Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download privileges can obtain a local copy of a shared file. Although there are no corresponding buttons in the interface, pressing Ctrl+Shift+S initiates the file download process. This allows the user to bypass the access restrictions and leads to unauthorized data retrieval. This issue has been patched in Collabora Online Development Edition version 25.04.08.2 and Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5.
Published: 2026-02-05
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized data retrieval via hidden keyboard shortcut
Action: Immediate Patch
AI Analysis

Impact

Collabora Online, a collaborative office suite built on LibreOffice technology, allows a user with view‑only permissions to obtain a full copy of a shared document through a concealed keyboard shortcut, Ctrl+Shift+S. This shortcut triggers the download routine even though the interface displays no download button, thereby bypassing the intended download restrictions. The flaw represents an authorization bypass weakness (CWE‑285) that can lead to unauthorized data retrieval.

Affected Systems

The vulnerability affects Collabora Online Development Edition versions older than 25.04.08.2 and stable Collabora Online releases older than 23.05.20.1, 24.04.17.3, and 25.04.7.5. Administrators should inventory any Collabora Online deployments and compare them against these baseline versions to determine exposure.

Risk and Exploitability

The CVSS score of 5.3 denotes moderate severity, and the EPSS value of less than 1 % indicates a low likelihood of exploitation. The flaw is not listed in the CISA KEV catalog. Because the exploit requires a user with view‑only rights to press the shortcut within the application, the attack vector is inferred to be local or user‑initiated. Overall risk is moderate with limited impact if the environment limits view‑only users or restricts external access.

Generated by OpenCVE AI on April 17, 2026 at 22:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Collabora Online to Development Edition version 25.04.08.2 or later, or to stable releases 23.05.20.1, 24.04.17.3, or 25.04.7.5 or newer.
  • Ensure that all servers and containers running Collabora Online have been updated to one of these secure releases and that no legacy copies remain accessible.
  • If an immediate upgrade is not possible, reduce the exposure of view‑only users by restricting or disabling shared document access for those roles and by applying network controls to limit outbound access from clients belonging to that user group.

Generated by OpenCVE AI on April 17, 2026 at 22:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 06 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Collaboraoffice
Collaboraoffice online
Vendors & Products Collaboraoffice
Collaboraoffice online

Thu, 05 Feb 2026 23:45:00 +0000

Type Values Removed Values Added
Description Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download privileges can obtain a local copy of a shared file. Although there are no corresponding buttons in the interface, pressing Ctrl+Shift+S initiates the file download process. This allows the user to bypass the access restrictions and leads to unauthorized data retrieval. This issue has been patched in Collabora Online Development Edition version 25.04.08.2 and Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5.
Title Collabora Online vulnerable to Authorization Bypass
Weaknesses CWE-285
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Collaboraoffice Online
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-06T19:28:38.548Z

Reserved: 2026-01-14T16:08:37.482Z

Link: CVE-2026-23623

cve-icon Vulnrichment

Updated: 2026-02-06T19:28:35.393Z

cve-icon NVD

Status : Deferred

Published: 2026-02-06T00:15:56.663

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23623

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T23:00:12Z

Weaknesses