EUVD-2026-12582CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3Description
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, including administrators. By bypassing ownership validation during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.
Analysis
An Insecure Direct Object Reference (IDOR) vulnerability in Outline's document restoration logic allows any authenticated team member to restore, view, and take ownership of deleted drafts belonging to other users, including administrators. Attackers can access sensitive private information and lock the original owners out of their own content by exploiting the missing ownership validation during the restore process. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Disable document restoration functionality in Outline settings and audit recent restore activity logs for unauthorized access. Within 7 days: Conduct a forensic review of deleted documents and restore history to identify potential unauthorized access; implement role-based access controls restricting document visibility. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today