Docmost versions 0.70.0 through 0.70.2 contain an authorization bypass that allows unauthenticated users to retrieve titles and text snippets of restricted child pages via the public share search endpoint (POST /api/search/share-search). This flaw permits enumeration of hidden content that should be visible only to authorized viewers, exposing sensitive metadata and leading to a confidentiality breach. The weakness is an insufficient authorization (CWE‑285).

The affected product is the Docmost open‑source collaborative wiki and documentation software. Users running Docmost versions 0.70.0, 0.70.1, or 0.70.2 are vulnerable. Version 0.70.3 includes the patch that disables the metadata exposure. No other vendors or products are noted.

The CVSS score of 4.3 indicates moderate severity. The exploit is triggered solely by making unauthenticated HTTP requests to the search API, so the attack vector is remote and requires no special privileges. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting that no widely known exploits exist yet. Nevertheless, the simplicity of the request route means that an attacker could feasibly enumerate restricted content, potentially compromising sensitive information. The overall risk is moderate with a focus on confidentiality.