CVE-2026-58489

Source
https://cve.org/CVERecord?id=CVE-2026-58489
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58489.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-58489
Aliases
  • GHSA-8v9p-5j95-826j
Published
2026-07-13T22:34:51.730Z
Modified
2026-07-16T03:48:43.883096865Z
Severity
  • 6.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N CVSS Calculator
Summary
HedgeDoc: CSRF in GitHub Gist export callback
Details

HedgeDoc is an open source, real-time collaborative markdown notes application. Prior to 1.11.0, the GitHub Gist export flow created an OAuth2  state  value but only checked that it was present rather than validating it against the value expected for the user's session. Because the state was not properly validated, an attacker could forge a callback URL containing their own valid GitHub OAuth code. When processing the callback, HedgeDoc used the victim's logged-in session to select which note to export, but the attacker's authorization code to determine which GitHub account received it. As a result, a logged-in victim who clicked a crafted link could export their own private, protected, or limited note directly into a Gist controlled by the attacker. This issue has been fixed in version 1.11.0.

Database specific
{
    "cwe_ids": [
        "CWE-352"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/58xxx/CVE-2026-58489.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/hedgedoc/hedgedoc

Affected ranges

Type
GIT
Repo
https://github.com/hedgedoc/hedgedoc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.11.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.5.0
1.*
1.0.0-ce
1.0.1-ce
1.1.0-ce
1.1.1-ce
1.10.0
1.10.1
1.10.2
1.10.4
1.10.5
1.10.6
1.10.7
1.10.8
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.4.0
1.5.0
1.6.0
1.7.0
1.7.0-rc1
1.7.0-rc2
1.7.1
1.7.2
1.8.0
1.8.0-rc1
1.8.1
1.8.2
1.9.0
1.9.0-rc1
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
v0.*
v0.3.3
v0.3.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58489.json"