CVE-2026-23623
📋 TL;DR
This vulnerability allows users with view-only access to download documents they are only permitted to view by pressing the Ctrl+Shift+S keyboard shortcut. It affects Collabora Online installations where users are granted view-only permissions without download rights. The bypass allows unauthorized retrieval of the full contents of shared documents.
💻 Affected Systems
- Collabora Online
- Collabora Online Development Edition
⚠️ Manual Verification Required
This CVE has no affected-version ranges in the NVD entry, so automatic version-based detection cannot determine whether your system is affected.
Why? The NVD record lists no vulnerable version ranges. The fixed releases are known only from the vendor advisory (see Fix & Mitigation below), so compare your installed version against those.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Sensitive documents with view-only restrictions could be downloaded and exfiltrated by unauthorized users, leading to data breaches of confidential information.
Likely Case
Users with legitimate view access but no download permissions can save local copies of documents they shouldn't be able to download, violating access control policies.
If Mitigated
Network segmentation does not stop this bypass, because the download travels over the same authenticated session as the legitimate view. Where documents are reachable only from internal networks and downloads are monitored, exposure is limited to users who already hold internal view access rather than to external parties.
🎯 Exploit Status
Exploitation requires an authenticated user with view-only access to the document and knowledge of the keyboard shortcut; the page describes no other prerequisites or tooling.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Collabora Online Development Edition 25.04.08.2; Collabora Online 23.05.20.1, 24.04.17.3, or 25.04.7.5
Vendor Advisory: https://github.com/CollaboraOnline/online/security/advisories/GHSA-68v6-r6qq-mmq2
Restart Required: Yes
Instructions:
1. Identify your Collabora Online version and edition.
2. Upgrade to the patched version: 25.04.08.2 (Development Edition) or 23.05.20.1 / 24.04.17.3 / 25.04.7.5 (Stable).
3. Restart the Collabora Online service.
4. Verify the fix by testing with a view-only user (see How to Verify below).
🔧 Temporary Workarounds
Disable keyboard shortcuts
Temporarily disable or modify keyboard-shortcut handling in Collabora Online. This page gives no configuration key for doing so, so confirm that your deployment actually exposes such a setting before relying on this workaround.
# Modify Collabora Online configuration to disable Ctrl+Shift+S
# Configuration varies by deployment method; verify the option exists for your version
Remove view-only permissions
Temporarily remove access for view-only users entirely. Upgrading them to edit permissions is not a mitigation: an editor can always save and export the document, so that grants strictly more than the bypass does.
# Adjust user permissions in your document management system (the WOPI host)
# This is a temporary workaround with operational impact
🧯 If You Can't Patch
- Implement strict network monitoring for unusual download patterns from view-only users
- Add access controls at the document storage layer (the WOPI host that grants Collabora its permissions) to block file downloads independently of the editor UI
🔍 How to Verify
Check if Vulnerable:
Test with a view-only user account: open a shared document and press Ctrl+Shift+S. If download initiates, system is vulnerable.
Check Version:
# Check the Collabora Online version via the admin console, or from the shell (container name is a placeholder):
docker exec collabora-online coolwsd --version
# Or query the server directly; the JSON response includes the product name and version:
curl -s https://collabora.example.com/hosting/capabilities
Verify Fix Applied:
After patching, repeat the test with view-only user. Download should not initiate with Ctrl+Shift+S.
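The following script turns the version check above into a repeatable test. It is an added example written for this page, not Collabora's own tooling. It assumes (not confirmed by this page) that the server's `/hosting/capabilities` JSON carries `productName` and `productVersion`; the hostname is a placeholder and the sample responses are constructed. The fixed versions are the ones listed under Official Fix.

```python
"""Classify a Collabora Online server against the fixed releases for CVE-2026-23623.

Added example for this page, not Collabora's own code. Fixed versions are taken from
the vendor advisory summary above. ASSUMPTIONS: the /hosting/capabilities JSON carries
"productName" and "productVersion" (check your own server's response), and the
hostname used in fetch_and_assess() is a placeholder.
"""
import json
import re
from urllib.request import urlopen

# Fixed releases per (edition, release branch), copied from the advisory summary.
# The 25.04 branch has different thresholds for the two editions, so the edition matters.
FIXED = {
    ("Collabora Online", (23, 5)): (23, 5, 20, 1),
    ("Collabora Online", (24, 4)): (24, 4, 17, 3),
    ("Collabora Online", (25, 4)): (25, 4, 7, 5),
    ("Collabora Online Development Edition", (25, 4)): (25, 4, 8, 2),
}


def parse_version(text):
    """'25.04.08.2' -> (25, 4, 8, 2); leading zeros and any trailing suffix are dropped."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def edition(product_name):
    """Map the advertised product name onto the two editions the advisory distinguishes."""
    return ("Collabora Online Development Edition"
            if "Development Edition" in product_name else "Collabora Online")


def assess(product_name, product_version):
    """Return 'fixed', 'vulnerable' or 'unknown'.

    'unknown' means this page lists no fixed release for that edition/branch (for
    example an end-of-life 22.05 install); treat it as unpatched until the vendor
    advisory says otherwise.
    """
    version = parse_version(product_version)
    fixed = FIXED.get((edition(product_name), version[:2]))
    if fixed is None:
        return "unknown"
    return "fixed" if version >= fixed else "vulnerable"


def assess_capabilities(capabilities_json):
    """Run assess() over a /hosting/capabilities response body."""
    caps = json.loads(capabilities_json)
    return assess(caps["productName"], caps["productVersion"])


def fetch_and_assess(base_url, timeout=10):
    """Fetch the live capabilities document and classify it (network access required)."""
    with urlopen(f"{base_url.rstrip('/')}/hosting/capabilities", timeout=timeout) as resp:
        return assess_capabilities(resp.read().decode("utf-8"))


# Constructed sample responses (not captured from a real server) so the script runs offline.
SAMPLE_UNPATCHED = ('{"productName": "Collabora Online", "productVersion": "24.04.17.2", '
                    '"productVersionHash": "0000000"}')
SAMPLE_PATCHED = ('{"productName": "Collabora Online Development Edition", '
                  '"productVersion": "25.04.8.2", "productVersionHash": "0000000"}')

if __name__ == "__main__":
    for sample in (SAMPLE_UNPATCHED, SAMPLE_PATCHED):
        print(assess_capabilities(sample), sample)
    # Live check against a placeholder hostname (assumption: replace with your server):
    # print(fetch_and_assess("https://collabora.example.com"))
```

The version check only says whether the fixed release is installed; it does not replace the functional test with a view-only account, since a host that is patched but misconfigured at the WOPI layer can still allow downloads.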
📡 Detection & Monitoring
Log Indicators:
- Unusual download activity from view-only user accounts
- Multiple file access attempts from single view-only user
Network Indicators:
- Unexpected file transfers from Collabora Online server to view-only users
SIEM Query (illustrative pseudo-query; the field names depend on how your logs are ingested, and the permission attribute has to come from the WOPI host, which is where view-only is granted):
source="collabora_logs" user_permission="view-only" (action="download" OR action="save")