usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization_CVE-2026-6634

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-6634

Source VulDB

Published Apr 20, 2026 at 11:30

Affected Product

Vendor usememos

Product memos

Version 0.22.0

Affected Versions usememos memos 0.22.0
usememos memos 0.22.1

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-20T11:30:13.847Z",
    "modified": "2026-04-20T11:30:13.847Z",
    "type": "cve",
    "title": "usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/358268\nhttps://vuldb.com/vuln/358268/cti\nhttps://vuldb.com/submit/793432\nhttps://github.com/Dave-gilmore-aus/security-advisories/blob/main/usememos-security-advisory",
    "id": "CVE-2026-6634",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "usememos memos 0.22.0\nusememos memos 0.22.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "memos",
    "version": "0.22.0",
    "vendor": "usememos",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}