CVE-2026-42889
Relay · Relay Server
Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in WebSocket endpoints, allowing unauthenticated attackers to read or modify document contents.
Executive summary
An authentication bypass vulnerability in Relay Server versions 0.9.0 through 0.9.6 allows unauthenticated attackers to access and modify sensitive data via WebSocket endpoints.
Vulnerability
This is an authentication bypass vulnerability occurring in multi-document WebSocket endpoints. It allows an unauthenticated network attacker to interact with the sync service without a valid token.
Business impact
This vulnerability poses a significant threat to data confidentiality and integrity. With a CVSS score of 9.1, it allows an unauthenticated attacker to manipulate or exfiltrate documents, which could lead to severe reputational damage and loss of intellectual property.
Remediation
Immediate Action: Update Relay Server to version 0.9.7 or later to resolve the authentication bypass.
Proactive Monitoring: Review WebSocket connection logs for unauthorized access attempts or unusual traffic patterns directed at document sync endpoints.
Compensating Controls: If immediate patching is not feasible, restrict network access to the Relay Server to trusted IP ranges and implement a Web Application Firewall (WAF) to filter malicious WebSocket traffic.
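As an added example (not part of this advisory or of the Relay project), the following Python script performs the log review recommended above: it reads proxy-style access logs and flags every completed WebSocket upgrade to a document sync endpoint that either carried no token or came from outside a trusted network. The log format, the `/doc/` path prefix, the `token` query parameter and the trusted range are assumptions to adapt to your deployment.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions, not taken from the advisory: sync endpoints live under this
# path prefix, and a client proves identity with an Authorization header or
# a non-empty `token` query parameter. Adjust both to your deployment.
SYNC_PATH_PREFIX = "/doc/"
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed example range

# Constructed proxy-style log format: <ip> "<METHOD> <target>" <status> upgrade=<v> auth=<yes|no>
LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+)" (?P<status>\d{3}) '
    r"upgrade=(?P<upgrade>\S+) auth=(?P<auth>yes|no)$"
)

SAMPLE_LOG = """\
10.1.2.3 "GET /doc/abc123" 101 upgrade=websocket auth=yes
203.0.113.7 "GET /doc/abc123?token=" 101 upgrade=websocket auth=no
10.1.2.9 "GET /doc/abc123" 101 upgrade=websocket auth=no
198.51.100.4 "GET /healthz" 200 upgrade=- auth=no
203.0.113.8 "GET /doc/xyz?token=s3cret" 101 upgrade=websocket auth=no
"""

def has_token(target: str, auth_header_present: bool) -> bool:
    """True if the request carried an Authorization header or a non-empty token param."""
    if auth_header_present:
        return True
    return bool(parse_qs(urlsplit(target).query).get("token", [""])[0])

def audit(log_text: str) -> list:
    """One finding per completed (101) WebSocket upgrade to a sync endpoint that
    carried no token or came from outside TRUSTED_NETWORKS."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "101" or m["upgrade"].lower() != "websocket":
            continue
        path = urlsplit(m["target"]).path
        if not path.startswith(SYNC_PATH_PREFIX):
            continue
        reasons = []
        if not has_token(m["target"], m["auth"] == "yes"):
            reasons.append("no token")
        if not any(ipaddress.ip_address(m["ip"]) in net for net in TRUSTED_NETWORKS):
            reasons.append("untrusted source")
        if reasons:
            findings.append({"ip": m["ip"], "path": path, "reasons": reasons})
    return findings
```

A sync endpoint returning 101 to a client that presented no token is the signature of the bypass being exercised on an unpatched 0.9.0 to 0.9.6 server, so "no token" findings deserve the first look.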
Exploitation status
Public Exploit Available: No
Analyst recommendation
Administrators must treat this vulnerability with high urgency. Because the affected endpoints can be reached without any credentials, deploying the update to version 0.9.7 or later is the only reliable way to remove the risk of unauthorized data access; network restrictions and WAF filtering reduce exposure but do not fix the missing authentication check.