CVE-2026-27579

HIGH

karnop realtime-collaboration-platform - Origin Validation Error in CORS Configuration

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-27579. PoCs published by XiaomingX, AdityaBhatt3010, mbanyamer.

Description

CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue authenticated cross-origin requests and read sensitive user account information, including email address, account identifiers, and MFA status. The issue did not have a fix at the time of publication.

Exploits (3)

github · WORKING POC · 10 stars
by XiaomingX · python · poc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-27579

This repository contains a functional exploit PoC for CVE-2026-27579, which leverages a CORS misconfiguration in Appwrite to steal authenticated user data via credentialed cross-origin requests. The exploit sets up a malicious server that tricks victims into leaking their account information when visiting an attacker-controlled page.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Appwrite Cloud (realtime-collaboration-platform)
No auth needed
Prerequisites: Victim must be logged into the target platform · Attacker must host the malicious server and lure the victim to visit the link
devstral-2 · analyzed Feb 27, 2026

nomisec · WORKING POC · 1 star
by AdityaBhatt3010 · poc
https://github.com/AdityaBhatt3010/CVE-2026-27579-CORS-Misconfiguration-Leading-to-Authenticated-Data-Exposure

The repository contains a functional proof-of-concept exploit for CVE-2026-27579, demonstrating a CORS misconfiguration in the Appwrite backend of the realtime-collaboration-platform. The exploit leverages permissive CORS settings to exfiltrate authenticated user data via a simple fetch request.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: realtime-collaboration-platform (Appwrite backend)
Auth required
Prerequisites: Victim must be logged into the target application · Attacker must lure victim to a malicious webpage
devstral-2 · analyzed Mar 01, 2026

nomisec · WORKING POC
by mbanyamer · poc
https://github.com/mbanyamer/CVE-2026-27579-CollabPlatform-Appwrite-CORS-Misconfiguration

This repository contains a functional exploit for CVE-2026-27579, which leverages a CORS misconfiguration in Appwrite to steal authenticated user data via credentialed cross-origin requests. The exploit uses a Flask server to host a malicious page that exfiltrates user data when visited by a logged-in victim.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Appwrite Cloud (realtime-collaboration-platform)
No auth needed
Prerequisites: Victim must be logged into the target platform · Attacker must host the exploit server and lure the victim to visit the malicious link
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3: 7.4
EPSS: 0.0023
EPSS Percentile: 13.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-346, CWE-942
Status: published
Products (1): karnop/realtime-collaboration-platform <= master
Published: Feb 21, 2026
Tracked Since: Feb 21, 2026