What is the CVSS score of CVE-2026-24901?

CVE-2026-24901 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Outline are affected by CVE-2026-24901?

Outline versions prior to 1.4.0 contain an authentication bypass in document restoration that permits any team member to access, restore, and claim ownership of deleted documents belonging to other…. A patch is available.

How to fix or mitigate CVE-2026-24901?

Within 24 hours: Identify all Outline instances in your environment and verify current versions against 1.4.0. Within 7 days: Upgrade all affected Outline deployments to version 1.4.0 or later per vendor advisory. Within 30 days: Audit restoration activity logs for the past 90 days to detect unauthorized document access or ownership changes, and notify users of any suspicious restoration events affecting their accounts.

Outline CVE-2026-24901

EUVD-2026-12582 HIGH

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-03-17 GitHub_M

Authentication Bypass Outline

8.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.1 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:21 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

1.4.0

EUVD ID Assigned

Mar 17, 2026 - 20:30 euvd

EUVD-2026-12582

Analysis Generated

Mar 17, 2026 - 20:30 vuln.today

CVE Published

Mar 17, 2026 - 15:28 nvd

HIGH 8.1

DescriptionGitHub Advisory

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, including administrators. By bypassing ownership validation during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.

AnalysisAI

An Insecure Direct Object Reference (IDOR) vulnerability in Outline's document restoration logic allows any authenticated team member to restore, view, and take ownership of deleted drafts belonging to other users, including administrators. Attackers can access sensitive private information and lock the original owners out of their own content by exploiting the missing ownership validation during the restore process. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate as team member

Delivery

Access document restoration API

Exploit

Modify document ID parameter

Execution

Restore deleted draft of other user

Impact

Seize ownership and access sensitive data