CVE-2026-5484
Received Received - Intake
Improper Access Control in BookStack Chapter Export Handler

Publication date: 2026-04-03

Last updated on: 2026-04-03

Assigner: VulDB

Description
A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 is able to address this issue. This patch is called 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5484
EUVD
EUVD-2026-18819
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
bookstackapp bookstack to 26.03.1 (exc)
bookstackapp bookstack to 26.03 (inc)
bookstackapp bookstack 26.03.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the BookStack application, specifically in the chapterToMarkdown function within the Chapter Export Handler component. It involves improper access controls due to manipulation of the 'pages' argument. An attacker can exploit this remotely to gain unauthorized access.

Impact Analysis

The vulnerability can lead to improper access controls, allowing an attacker to access data or functionality they should not be able to. Since the exploit is publicly available and can be launched remotely, it increases the risk of unauthorized data exposure.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the affected BookStack component to version 26.03.1, which contains the patch addressing the issue.

This upgrade fixes the weakness in the chapterToMarkdown function of the Chapter Export Handler that allows improper access controls via manipulation of the argument pages.

It is advisable to apply this update as soon as possible to prevent potential remote exploitation.

Compliance Impact

The vulnerability in BookStack allows unauthorized users to access page content that should be restricted by permissions during markdown export operations. This improper access control can lead to exposure of protected or sensitive information.

Such unauthorized disclosure of protected content could potentially violate compliance requirements in standards and regulations like GDPR or HIPAA, which mandate strict access controls and protection of sensitive data.

By allowing unauthorized viewing of restricted content, the vulnerability undermines data confidentiality and access control policies that are critical for regulatory compliance.

The issue is addressed in BookStack version 26.03.1, which enforces proper permission checks during markdown exports, thereby helping organizations maintain compliance by preventing unauthorized data exposure.

Detection Guidance

This vulnerability (CVE-2026-5484) affects BookStack versions up to 26.03, specifically in the markdown export functionality where improper permission checks allow unauthorized access to restricted page content.

To detect if your system is vulnerable, you should first verify the version of BookStack you are running. If it is version 26.03 or earlier, it is vulnerable.

You can check the BookStack version by running a command on the server hosting BookStack, for example:

  • Navigate to the BookStack installation directory and check the version in the composer.lock file or via Git tags:
  • cat composer.lock | grep -A 5 'bookstackapp/bookstack'
  • Or if you have Git access:
  • git describe --tags

Additionally, to detect exploitation attempts on your network or system, you can monitor HTTP requests targeting the markdown export endpoint, which is typically accessible remotely.

  • Look for requests to the markdown export API or URL path related to chapter exports, such as requests to endpoints like `/chapter-export/markdown` or similar.
  • Example command to monitor such requests in real-time from web server logs (assuming Apache logs):
  • tail -f /var/log/apache2/access.log | grep 'chapter-export/markdown'
  • Or using grep to search for suspicious export requests in logs:
  • grep 'chapter-export/markdown' /var/log/apache2/access.log

Since the exploit involves manipulating the argument 'pages' during markdown export, monitoring for unusual or unauthorized export requests from users without proper permissions can help detect exploitation attempts.

Ultimately, the best detection is to verify the version and upgrade to BookStack v26.03.1 or later, which includes the fix enforcing proper permission checks on exported pages.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5484. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart