CVE-2026-25642 - HedgeDoc security headers for uploaded files were not working

CVE ID : CVE-2026-25642 Published : Feb. 6, 2026, 8:16 p.m. | 29 minutes ago Description : HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.6, files served below the /uploads/ endpoint did not use a more strict security-policy. This resulted in a too open Content-Security-Policy and furthermore opened the possibility to host malicious interactive web content (such as fake login forms) using SVG files. This vulnerability is fixed in 1.10.6. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...