CVE-2026-40300 - Vulnerability Details

Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulnerability is fixed in 12.0.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

zulip

affected

Version	Status	Constraints
`< 12.0`	affected	—

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Zulip Subscribe	Zulip Subscribe

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/zulip/zulip/security/advisories/GHSA-jp8f-mvv6-89cr

History

Tue, 12 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zulip Zulip zulip
Vendors & Products		Zulip Zulip zulip

Tue, 12 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulnerability is fixed in 12.0.
Title		Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history
Weaknesses		CWE-284
References		https://github.com/zulip/zulip/security/advisories/GHSA-jp8f-mvv6-89cr
Metrics		cvssV4_0 `{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-12T16:33:02.829Z

Updated: 2026-05-12T16:33:02.829Z

Reserved: 2026-04-10T20:22:44.035Z

Link: CVE-2026-40300

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-12T17:16:20.150

Modified: 2026-05-12T17:16:20.150

Link: CVE-2026-40300

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T17:45:20Z

Weaknesses

CWE-284

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object