LeakyCreds

CVE-2026-21853 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 2, 2026

AFFiNE - Remote Code Execution

Published: March 2, 2026 | Updated: March 2, 2026 | Remote Exploitable

Overview

AFFiNE versions before 0.25.4 contain a remote code execution vulnerability caused by the custom URL handler processing specially crafted affine: URLs. Attackers can execute arbitrary code remotely via crafted links; exploitation requires victim interaction or an automatic redirect.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 15.8% (probability of exploitation in the next 30 days)

Impact

Attackers can execute arbitrary code on victim machines remotely, leading to full system compromise.

Mitigation

Update to version 0.25.4 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 2, 2026

🟠 CVE-2026-21853 - High (8.8) AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a websit... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21853/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-21853
Severity: High
CVSS Score: 8.8
Type: remote_code_execution
Status: unconfirmed
EPSS: 15.8%
Social Posts: 1

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

15.8% (probability of exploitation in the next 30 days)