GHSA-4cq7-5c7c-cc5r
Papermark versions through 0.22.0 have a CORS misconfiguration vulnerability in the TUS-based viewer upload endpoint. This flaw allows unauthenticated remote attackers to perform credentialed cross-origin requests by reflecting arbitrary Origins with Access-Control-Allow-Credentials set to true. Attackers can trick authenticated users into visiting malicious sites that silently upload files to victim datarooms and read credentialed responses.
AI Analysis
Technical Summary
Papermark through version 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration (CWE-942) in its TUS-based viewer upload endpoint. The endpoint copies whatever Origin a request carries into the Access-Control-Allow-Origin response header and at the same time sends Access-Control-Allow-Credentials: true. That combination tells the browser that any site may make requests to the endpoint with the user's cookies attached and may read the responses, which removes the same-origin policy's protection for that endpoint. The attacker needs no Papermark account: they host a page on any origin and lure a user who is logged in to Papermark into loading it. Script on that page can then issue TUS upload requests that land in the victim's datarooms and read the credentialed responses, compromising the confidentiality and integrity of the affected data.
Potential Impact
An attacker who holds no Papermark account can, through a victim's browser, send requests to the upload endpoint that carry the victim's session. This allows uploading files into datarooms the victim can write to and reading the responses the endpoint returns for those requests, so both the integrity of dataroom contents and the confidentiality of whatever those responses disclose are affected. The database-specific severity recorded for this entry is LOW.
Mitigation Recommendations
Patch status is not yet confirmed; check the vendor advisory for current remediation guidance. Until a fix is applied, operators of self-hosted instances should restrict the endpoint's CORS policy to an explicit allowlist of trusted origins: never copy the request's Origin into Access-Control-Allow-Origin when Access-Control-Allow-Credentials is true, and apply the same rule to preflight (OPTIONS) responses, since TUS requests carry non-safelisted headers such as Tus-Resumable and are therefore always preflighted. If the viewer upload feature is not needed, disabling the endpoint removes the exposure. As defense in depth, session cookies that are not marked SameSite=None will not be attached by modern browsers to cross-site requests of this kind, but that is a general hardening measure the advisory does not discuss, not a substitute for fixing the policy. To verify a deployment, send a request with an Origin the server has no reason to trust (for example Origin: https://attacker.example) and confirm that the response does not echo that value alongside Access-Control-Allow-Credentials: true.
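The following is an added illustration, not Papermark's code or anything from the advisory: a TypeScript sketch of the origin-reflecting CORS decision the advisory describes, the allowlist-based replacement a stricter policy would use, and a checker that flags the misconfiguration in a set of response headers. The allowlist entries, the handler names and the probe origin https://attacker.example are assumptions made for the example.

```typescript
// Added example (not Papermark's code): the origin-reflecting CORS pattern the
// advisory describes, an allowlist-based replacement, and a checker that flags
// the pattern in a response. The allowlist contents are assumptions.

type HeaderMap = Record<string, string>;

// Request headers a TUS client sends. They are not CORS-safelisted, so every TUS
// request is preflighted and the server must list them in Allow-Headers.
const TUS_REQUEST_HEADERS =
  "Tus-Resumable, Upload-Length, Upload-Offset, Upload-Metadata, Content-Type";

// Assumed allowlist of exact origins (scheme + host + port) that may talk to the
// upload endpoint. Exact matching avoids the classic suffix/prefix bugs
// (e.g. a regex for "papermark.example" also matching "evilpapermark.example").
const TRUSTED_ORIGINS: Set<string> = new Set([
  "https://app.papermark.example",
  "https://www.papermark.example",
]);

// Vulnerable pattern: whatever Origin the request carries is echoed back while
// credentials are allowed, so any site may send cookie-bearing requests and read
// the responses.
function corsHeadersReflecting(requestOrigin: string | undefined): HeaderMap {
  const h: HeaderMap = {
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "POST, PATCH, HEAD, OPTIONS",
    "Access-Control-Allow-Headers": TUS_REQUEST_HEADERS,
  };
  if (requestOrigin !== undefined) {
    h["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return h;
}

// Hardened pattern: only an allowlisted Origin is echoed, and only then are
// credentials permitted. Anything else (unknown origin, missing Origin, the
// literal "null" origin of a sandboxed frame) gets no Allow-Origin header at all,
// so the browser blocks the cross-site read. Vary: Origin stops a shared cache
// from serving one origin's response to another.
function corsHeadersAllowlisted(
  requestOrigin: string | undefined,
  allowlist: Set<string>
): HeaderMap {
  const h: HeaderMap = { Vary: "Origin" };
  if (requestOrigin !== undefined && allowlist.has(requestOrigin)) {
    h["Access-Control-Allow-Origin"] = requestOrigin;
    h["Access-Control-Allow-Credentials"] = "true";
    h["Access-Control-Allow-Methods"] = "POST, PATCH, HEAD, OPTIONS";
    h["Access-Control-Allow-Headers"] = TUS_REQUEST_HEADERS;
  }
  return h;
}

// Checker for a deployment: send a request with an Origin the server has no
// reason to trust, then pass that Origin and the response headers here. The
// CWE-942 pattern is present when the same Origin comes back in Allow-Origin
// together with Allow-Credentials: true. A wildcard "*" with credentials is not
// flagged because browsers refuse credentialed responses with a wildcard origin.
function isCorsMisconfigured(sentOrigin: string, responseHeaders: HeaderMap): boolean {
  const lower: HeaderMap = {};
  for (const key of Object.keys(responseHeaders)) {
    lower[key.toLowerCase()] = responseHeaders[key];
  }
  const allowOrigin = lower["access-control-allow-origin"];
  const allowCreds = lower["access-control-allow-credentials"];
  return (
    allowOrigin !== undefined &&
    allowOrigin === sentOrigin &&
    allowCreds !== undefined &&
    allowCreds.trim().toLowerCase() === "true"
  );
}

// Stand-alone demonstration with a probe origin no deployment should trust.
const probeOrigin = "https://attacker.example";
console.log(
  "reflecting handler misconfigured:",
  isCorsMisconfigured(probeOrigin, corsHeadersReflecting(probeOrigin)) // true
);
console.log(
  "allowlisted handler misconfigured:",
  isCorsMisconfigured(probeOrigin, corsHeadersAllowlisted(probeOrigin, TRUSTED_ORIGINS)) // false
);
```

The checker is deliberately keyed on the probe origin you sent rather than on the mere presence of Access-Control-Allow-Origin: a server that legitimately allowlists your own origin will echo it, and only the echo of an origin it should not trust is evidence of the flaw. Run the probe against the preflight (OPTIONS) response as well as the POST and PATCH responses, since all three must agree for an upload to succeed.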
CVSS v4.0
Affected software
pkg:github/papermark/papermark
Weaknesses
CWE-942: Permissive Cross-domain Policy with Untrusted Domains
Technical Details
- GCVE source: db.gcve.eu
- OSV ID: GHSA-4cq7-5c7c-cc5r
- OSV schema version: 1.4.0
- Aliases: CVE-2026-57957
- Ecosystems: none listed
- Database-specific severity: LOW
- CVSS version: 4.0
Threat ID: 6a42ed1b27e9c7971993312c
Added to database: 06/29/2026, 22:09:31 UTC
Last enriched: 06/29/2026, 22:13:45 UTC
Last updated: 06/30/2026, 01:31:29 UTC