CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-40300

Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulnerability is fixed in 12.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.1%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/zulip/zulip/security/advisories/GHSA-jp8f-mvv6-89cr
https://github.com/zulip/zulip/security/advisories/GHSA-jp8f-mvv6-89cr

Products affected by CVE-2026-40300

Zulip » Zulip Server » Version: 10.0

cpe:2.3:a:zulip:zulip_server:10.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-40300

Products

Pricing

Contact Us