Focalboard File Ownership Validation Vulnerability Allowing Unauthorized File Access

Vulnerability

A vulnerability exists in Focalboard version 8.0 due to improper validation of file ownership when serving uploaded files. This flaw enables an authenticated attacker to access the content of a file by knowing the victim's file ID. It is important to note that Focalboard as a standalone product is no longer maintained, and no fix will be provided.

Impact

Exploitation of this vulnerability could lead to unauthorized access to files, allowing attackers to read sensitive information that should be protected.

Added: Apr 3, 2026, 2:18 PM

Updated: Apr 3, 2026, 2:18 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.6

exploitability

5.3

remediation

0.0

relevance

5.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.6

exploitability

5.3

remediation

0.0

relevance

5.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Focalboard File Ownership Validation Vulnerability Allowing Unauthorized File Access

Vulnerability

Impact

Affected Products

Mattermost Focalboard

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating