
CVE-2026-23630: Medium Vulnerability in Docmost

The CVE-2026-23630 vulnerability in Docmost allows for stored Cross-Site Scripting (XSS) via unvalidated Mermaid code block rendering. Organizations should prioritize patching to prevent potential exploits.

MEDIUM · CVSS 6.3 · Published January 21, 2026


CVE-2026-23630 affects Docmost, an open-source collaborative wiki and documentation application. Versions 0.3.0 through 0.23.2 are vulnerable to stored Cross-Site Scripting (XSS): Docmost renders attacker-controlled Mermaid diagram source with mermaid.render() and injects the returned SVG/HTML into the DOM via dangerouslySetInnerHTML without sanitizing it first. Whatever HTML and JavaScript survives that path runs in the browser of anyone who views the page.

What makes the issue exploitable in practice is that Mermaid's per-diagram %%{init}%% directives let the diagram author override securityLevel and enable htmlLabels, so the diagram text itself can relax the sanitization that would otherwise apply. The result is arbitrary script execution in the browser of every viewer of an affected page, running with that viewer's session. The issue is fixed in version 0.24.0.

CVE-2026-23630 has a CVSS score of 6.3, classified as medium severity. The attack vector is network-based and the attack complexity is low, meaning exploitation does not depend on special conditions or a race the attacker must win. The integrity and confidentiality impacts are rated high, which is why the score understates the urgency for deployments where many users view shared pages.

Given the nature of this vulnerability, organizations using affected versions of Docmost should prioritize patching immediately to mitigate associated risks.

Vulnerability Details

The official description of CVE-2026-23630 states that in Docmost versions 0.3.0 through 0.23.2, the Mermaid code block rendering is susceptible to stored Cross-Site Scripting (XSS). The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e. XSS) and CWE-116 (Improper Encoding or Escaping of Output): user-supplied diagram source reaches the page unneutralized, and the renderer's output is inserted without escaping or sanitization.

The CVSS score of 6.3 indicates medium severity, highlighting the importance of addressing this vulnerability promptly. The affected product is Docmost, with a publication date of January 21, 2026.

Technical Analysis

The root cause of CVE-2026-23630 is the insecure handling of user-controlled Mermaid source in the rendering path: the diagram is rendered and the result is written to the DOM as raw HTML. The attack vector is network-based, so any user who can create or edit a page containing a Mermaid block can plant the payload remotely. The attack complexity is low, as no special conditions or timing are required.

Exploitation requires low privileges (an account able to edit a page), and user interaction is rated passive: the victim does not have to click anything beyond their normal use of the wiki, since simply opening the page that contains the diagram is enough. The impact on confidentiality and integrity is rated high, with no reported impact on availability.

Risk & Impact Analysis

The risk to organizations is script execution in the browser of every viewer of a poisoned page, running with that viewer's session: reading pages and API data the viewer is allowed to see, performing actions as that user (including editing further pages to spread the payload), and stealing session material the application exposes to script. The impact scales with how widely pages are shared, because one edit reaches every reader.

Organizations should address this vulnerability in their priority patch cycle. The medium score reflects the need for an account that can edit pages, not the blast radius once such an account plants a payload in a multi-user environment.

Exploitation Status

Signal: Status

Known Exploit: No

Public PoC: No

Actively Exploited: No

Ransomware Use: No

Affected Versions

The vulnerability affects all versions of Docmost from 0.3.0 to 0.23.2. Organizations should upgrade to version 0.24.0 or later to mitigate this risk.

Mitigation & Remediation

To mitigate CVE-2026-23630, upgrade to Docmost 0.24.0 or later. If immediate patching is not possible, reduce exposure in the meantime: restrict page-editing privileges to trusted users, and, if you operate a fork or a front end of your own, sanitize the SVG/HTML returned by mermaid.render() before it is inserted into the DOM and do not let per-diagram %%{init}%% directives change securityLevel or enable htmlLabels. Stripping the directives alone is defense in depth, not a substitute for sanitizing the rendered output. Penetration testing of the deployment can confirm that the rendering path no longer accepts the override.

Detection Guidance

Mermaid rendering happens in the viewer's browser, so server logs will not show a diagram being exploited. Detection therefore means inspecting stored content: search page bodies and page history for Mermaid blocks that carry %%{init}%% directives setting securityLevel to anything other than strict or enabling htmlLabels, and for HTML markup, script tags, javascript: URLs or on*= event handlers inside diagram labels. Treat edits that introduced such blocks as incidents and review which users made them. Additionally, review access controls and user permissions so that only accounts that genuinely need to edit pages can do so.
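The scanner and pre-render neutralizer below are an added example, not code from Docmost, Mermaid or the advisory. They implement the two practical steps described in the mitigation and detection paragraphs above: find stored Mermaid blocks whose directives relax securityLevel or enable htmlLabels (or that carry raw HTML), and strip those keys before the text reaches a renderer. Assumptions not taken from the page: pages are stored as Markdown with ```mermaid fences, and directives use the documented %%{init: {...}}%% form. The sample page is constructed for the example; the function names are the author's own.

```javascript
// Added example (not Docmost's or Mermaid's own code). Scans stored Markdown
// for Mermaid fences that can abuse the directive override described in the
// advisory, and strips the offending keys before rendering.
// Assumptions: Markdown storage with ```mermaid fences and %%{init: {...}}%%
// directives. SAMPLE_PAGE below is constructed for this example.

const FENCE_RE = /```mermaid[^\n]*\n([\s\S]*?)```/g;
const DIRECTIVE_RE = /%%\{\s*init\s*:\s*([\s\S]*?)\s*\}%%/g;
// Markers of raw HTML or script in diagram text. They only execute when
// sanitisation is off or htmlLabels is on, but they are worth surfacing anyway.
const HTML_MARKERS = [/<script\b/i, /<iframe\b/i, /<foreignobject\b/i, /javascript:/i, /\bon\w+\s*=/i];
// Directive keys a diagram author must not be able to set.
const PROTECTED_KEYS = new Set(['securityLevel', 'htmlLabels']);

// Parse one directive body. Single-quoted bodies are common in the wild, so
// retry after a quote swap; a body that still fails is returned as null so
// the caller can treat it as suspicious rather than silently ignore it.
function parseDirective(body) {
  for (const text of [body, body.replace(/'/g, '"')]) {
    try { return JSON.parse(text); } catch (_) { /* try the next form */ }
  }
  return null;
}

// Walk a directive object and report every protected key it sets, with its path.
function findProtectedKeys(obj, path = '', out = []) {
  if (!obj || typeof obj !== 'object') return out;
  for (const [k, v] of Object.entries(obj)) {
    const p = path ? `${path}.${k}` : k;
    if (PROTECTED_KEYS.has(k)) out.push({ key: p, value: v });
    findProtectedKeys(v, p, out);
  }
  return out;
}

// Scan a Markdown document; returns one finding list per Mermaid block, in order.
function scanMermaidBlocks(markdown) {
  const results = [];
  for (const m of markdown.matchAll(FENCE_RE)) {
    const src = m[1];
    const findings = [];
    for (const d of src.matchAll(DIRECTIVE_RE)) {
      const cfg = parseDirective(d[1]);
      if (cfg === null) { findings.push('unparseable-directive'); continue; }
      for (const { key, value } of findProtectedKeys(cfg)) {
        if (key.endsWith('securityLevel') && value !== 'strict') findings.push(`securityLevel=${value}`);
        if (key.endsWith('htmlLabels') && value === true) findings.push(`${key}=true`);
      }
    }
    if (HTML_MARKERS.some((re) => re.test(src))) findings.push('html-in-diagram');
    results.push({ block: results.length, findings });
  }
  return results;
}

// Remove protected keys from a parsed directive, recursing into nested config.
function stripProtectedKeys(obj) {
  if (!obj || typeof obj !== 'object') return obj;
  const out = Array.isArray(obj) ? [] : {};
  for (const [k, v] of Object.entries(obj)) {
    if (!PROTECTED_KEYS.has(k)) out[k] = stripProtectedKeys(v);
  }
  return out;
}

// Rewrite every Mermaid block so its directives can no longer change the
// protected keys; directives that do not parse are dropped entirely. This is
// defence in depth: the HTML inside labels is left untouched and still has to
// be sanitised when the rendered SVG is inserted into the DOM.
function neutralizeMermaid(markdown) {
  return markdown.replace(FENCE_RE, (fence, src) => {
    const cleaned = src.replace(DIRECTIVE_RE, (_, body) => {
      const cfg = parseDirective(body);
      return cfg === null ? '' : `%%{init: ${JSON.stringify(stripProtectedKeys(cfg))}}%%`;
    });
    return fence.replace(src, () => cleaned);
  });
}

// Constructed sample page: one benign diagram, one carrying the override and
// an HTML payload in a node label.
const SAMPLE_PAGE = [
  '# Release plan',
  '```mermaid',
  "%%{init: {'theme': 'forest'}}%%",
  'graph TD; A[Plan] --> B[Ship];',
  '```',
  'Notes.',
  '```mermaid',
  '%%{init: {"securityLevel": "loose", "flowchart": {"htmlLabels": true}}}%%',
  'graph LR; A["<img src=x onerror=alert(document.cookie)>"] --> B;',
  '```',
].join('\n');

console.log(JSON.stringify(scanMermaidBlocks(SAMPLE_PAGE), null, 2));
console.log(neutralizeMermaid(SAMPLE_PAGE));
```

Run over the constructed page, the first block yields no findings and the second yields securityLevel=loose, flowchart.htmlLabels=true and html-in-diagram. After neutralizeMermaid the second block still reports html-in-diagram, which is the point: stripping directives closes the override, but the label payload remains and must be handled by sanitizing the renderer's output.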

AppSecure Threat Intelligence Insight

The longer-term lesson of CVE-2026-23630 is a familiar one: a renderer that returns HTML is a sink, and inserting its output into the DOM with dangerouslySetInnerHTML is safe only if either the input cannot influence the renderer's security settings or the output is sanitized. Organizations should look for the same pattern in other user-content features (diagram, formula and embed plugins) and assess them regularly. Developer training on output encoding and ongoing security assessments, including penetration testing of content-rendering paths, reduce the chance of the same class of bug recurring.

In conclusion, CVE-2026-23630 is a reminder that secure coding practice has to extend to third-party rendering libraries and their configuration surface. Organizations can further strengthen their defenses with a vulnerability management program and continuous monitoring.

Ultimately, understanding and addressing vulnerabilities like CVE-2026-23630 helps organizations safeguard their systems and data against malicious attacks.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
