QwikSec

Security Database

CVE

CWE

Training

CVE-2026-40300

Published: May 12, 2026

Modified: May 13, 2026

PUBLISHED

Description

Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulnerability is fixed in 12.0.

Vendor	Product	Versions
zulip	zulip	affected `< 12.0`

Weaknesses (CWE)

References

https://github.com/zulip/zulip/security/advisories/GHSA-jp8f-mvv6-89cr

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2026-40300 - Security Vulnerability | QwikSec