What is the CVSS score of CVE-2026-43886?

CVE-2026-43886 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-43886?

Yes, a patch is available for CVE-2026-43886. Update the affected software to the latest version immediately.

OAuthInterface.validateScope CVE-2026-43886

EUVD-2026-29330 HIGH

Improper Privilege Management (CWE-269)

2026-05-11 GitHub_M

Privilege Escalation

8.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

None

Lifecycle Timeline

Patch available

May 11, 2026 - 23:03 EUVD

CVE Published

May 11, 2026 - 21:06 nvd

HIGH 8.2

DescriptionNVD

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the wildcard * scope by requesting scope=read *, escalating a read-only OAuth token to full unrestricted API access including write, delete, and admin operations. This vulnerability is fixed in 1.7.0.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-43886 vulnerability details – vuln.today

Back