Description
A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 is able to address this issue. This patch is called 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2026-04-03
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Access Control Bypass
Action: Immediate Patch
AI Analysis

Impact

A weakness has been identified in BookStackApp BookStack in the function chapterToMarkdown of the Chapter Export Handler (app/Exports/ExportFormatter.php). Manipulation of the pages argument results in improper access control (CWE-284, with CWE-266 also recorded). A remote attacker can trigger the chapter export to obtain chapter content they are not authorized to view; the published CVSS vectors record no privileges and no user interaction as required.

Affected Systems

Affected systems include all installations of BookStackApp BookStack up to and including version 26.03. The vulnerable code is in app/Exports/ExportFormatter.php. No workaround is documented for affected releases; upgrading to 26.03.1 or later resolves the issue.
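As an added example (not code from the BookStack project, VulDB or OpenCVE), the following Python check classifies an install's version against the affected range stated above. It assumes BookStack numbers releases as YY.MM with an optional patch component, and that the install root contains a plain-text `version` file holding a string such as `v26.03`; both the file location and the format are assumptions for this example, not facts stated on this page.

```python
"""Classify a BookStack install against CVE-2026-5484's affected range.

Affected: BookStack up to and including 26.03.
Fixed:    26.03.1 and later (per the advisory text).
"""
from __future__ import annotations

import re
from pathlib import Path

# First fixed release, from the advisory. Anything older is in the affected range.
FIXED_VERSION = (26, 3, 1)

# Assumption: BookStack versions look like 'v26.03' or 'v26.03.1' (YY.MM[.patch]).
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(raw: str) -> tuple[int, int, int]:
    """Turn 'v26.03' into (26, 3, 0) and 'v26.03.1' into (26, 3, 1).

    A missing patch component is treated as 0 so that 26.03 sorts below 26.03.1.
    """
    m = _VERSION_RE.fullmatch(raw.strip())
    if not m:
        raise ValueError(f"unrecognised BookStack version string: {raw!r}")
    year, month, patch = m.groups()
    return (int(year), int(month), int(patch or 0))


def is_affected(raw_version: str) -> bool:
    """True when the version is strictly older than the 26.03.1 fix."""
    return parse_version(raw_version) < FIXED_VERSION


def assess(raw_version: str) -> dict:
    """Return a small report for one version string."""
    affected = is_affected(raw_version)
    return {
        "version": raw_version.strip(),
        "affected": affected,
        "action": "upgrade to BookStack 26.03.1 or later" if affected else "none required",
    }


def check_install(root: str | Path) -> dict:
    """Read the 'version' file at the install root (assumed location) and assess it."""
    version_file = Path(root) / "version"
    return assess(version_file.read_text(encoding="utf-8"))


if __name__ == "__main__":
    import sys

    install_root = sys.argv[1] if len(sys.argv) > 1 else "/var/www/bookstack"
    print(check_install(install_root))
```

Run it with the BookStack install directory as the only argument; an `affected: True` result means the instance is within the range this page describes and should be upgraded.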

Risk and Exploitability

The CVSS v4.0 score of 6.9 indicates medium severity (the v3.1 vector scores it 5.3). EPSS is below 1%, but a public proof-of-concept exploit exists and every recorded vector carries E:P (exploit code available). It is not currently listed in the CISA KEV catalog. Because the attack vector is network-based and the vectors record no privileges and no user interaction as required, the risk is significant for organizations that expose a BookStack instance holding private content.

Generated by OpenCVE AI on April 3, 2026 at 22:35 UTC.

Remediation

Vendor fix: upgrade to BookStack 26.03.1 or later (patch commit 8a59895ba063040cc8dafd82e94024c406df3d04). No workaround is documented.

OpenCVE Recommended Actions

  • Upgrade BookStack to version 26.03.1 or later to remove the export access control flaw.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 20:15:00 +0000

Values added (nothing removed):

  • Description: A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 is able to address this issue. This patch is called 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
  • Title: BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control
  • First Time appeared: Bookstackapp; Bookstackapp bookstack
  • Weaknesses: CWE-266; CWE-284
  • CPEs: cpe:2.3:a:bookstackapp:bookstack:*:*:*:*:*:*:*:*
  • Vendors & Products: Bookstackapp; Bookstackapp bookstack
  • References: (none)
  • Metrics:
      cvssV2_0: score 5, vector AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C
      cvssV3_0: score 5.3, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
      cvssV3_1: score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
      cvssV4_0: score 6.9, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-08T18:52:44.563Z

Reserved: 2026-04-03T13:10:53.751Z

Link: CVE-2026-5484

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-04-03T20:16:05.347

Modified: 2026-04-24T18:13:28.877

Link: CVE-2026-5484

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-07T07:16:44Z

Weaknesses