CVE-2026-23623: CWE-285: Improper Authorization in CollaboraOnline online
CVE-2026-23623 is a medium severity vulnerability in Collabora Online that allows users with view-only permissions and no download rights to bypass access controls and download shared files by pressing Ctrl+Shift+S, despite the interface lacking download buttons. This improper authorization issue affects multiple versions prior to patched releases in 2026. The vulnerability impacts confidentiality by enabling unauthorized data retrieval without requiring authentication or user interaction beyond the keypress. It has a CVSS score of 5.3 and has not been observed exploited in the wild. European organizations using vulnerable versions of Collabora Online for document collaboration risk unauthorized data exposure. Mitigation requires updating to fixed versions 23.05.20.1, 24.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2026-23623 is an improper authorization vulnerability (CWE-285) identified in Collabora Online, a collaborative office suite based on LibreOffice technology. The flaw exists in versions prior to 23.05.20.1, 24.04.17.3, 25.04.7.5, and the Development Edition before 25.04.08.2. It allows a user assigned only view permissions and explicitly denied download rights to circumvent these restrictions and obtain a local copy of a shared document. This is achieved by pressing the keyboard shortcut Ctrl+Shift+S, which triggers the file download process even though the user interface does not present any download buttons or options. The vulnerability thus enables unauthorized data retrieval, compromising confidentiality without affecting integrity or availability. The CVSS v3.1 base score is 5.3, reflecting network attack vector, low complexity, no privileges required, and no user interaction beyond the shortcut key press. No known exploits have been reported in the wild as of the publication date. The issue was reserved in January 2026 and publicly disclosed in February 2026, with patches released in the specified versions. This vulnerability highlights a design oversight in access control enforcement within the Collabora Online document sharing and permission system.
Potential Impact
For European organizations, this vulnerability poses a risk of unauthorized data disclosure from collaborative document environments. Organizations using Collabora Online for internal or external document sharing may inadvertently expose sensitive or confidential information to users who should only have view-only access without download capabilities. This can lead to data leakage incidents, regulatory non-compliance (e.g., GDPR violations), and reputational damage. The impact is particularly relevant for sectors handling sensitive data such as government, finance, healthcare, and legal services. Since the exploit requires no authentication or complex steps beyond a keyboard shortcut, insider threats or compromised accounts with limited permissions can easily abuse this flaw. The vulnerability does not affect data integrity or availability but undermines trust in access control mechanisms. The lack of known exploits in the wild reduces immediate risk but does not eliminate the potential for targeted attacks or opportunistic abuse.
Mitigation Recommendations
European organizations should immediately upgrade Collabora Online installations to the patched versions: 23.05.20.1, 24.04.17.3, 25.04.7.5, or Development Edition 25.04.08.2. Until patching is complete, administrators should review and tighten user permission settings, minimizing the number of users with view-only access to sensitive documents. Implement monitoring and alerting for unusual file download activity, especially keyboard shortcut usage or unexpected file access patterns. Consider disabling or remapping the Ctrl+Shift+S shortcut at the application or system level as a temporary workaround. Conduct user training to raise awareness of the vulnerability and encourage reporting of suspicious behavior. Regularly audit document sharing policies and access logs to detect unauthorized data retrieval attempts. Work with IT and security teams to bring collaboration platforms into the vulnerability management process so that updates are applied promptly. Finally, evaluate alternative secure collaboration tools if patching is delayed or not feasible.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-14T16:08:37.482Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69852b85f9fa50a62f4b244c
Added to database: 2/5/2026, 11:45:09 PM
Last enriched: 2/13/2026, 7:23:34 AM
Last updated: 3/22/2026, 2:09:22 AM