CVE Catalog

CVE-2026-42889

Critical
Published: Translated: NVD NIST

Summary

Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. An unauthenticated attacker could access document contents if they know or guess a document ID.

Risk Assessment

The organization is at risk of unauthorized access to documents, which could lead to data leakage or modification.

Recommendation

It is recommended to upgrade to version 0.9.7 to mitigate this security vulnerability.

Original NVD description (English source)

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full server permissions. An unauthenticated network attacker who knows or guesses a document ID could connect to the document sync WebSocket and read or modify document contents without a valid document token. This vulnerability is fixed in 0.9.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS