Skip to main content

Outline EUVDEUVD-2026-29330

| CVE-2026-43886 HIGH
Improper Privilege Management (CWE-269)
2026-05-11 GitHub_M
8.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

2
Patch available
May 11, 2026 - 23:03 EUVD
CVE Published
May 11, 2026 - 21:06 nvd
HIGH 8.2

DescriptionGitHub Advisory

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the wildcard * scope by requesting scope=read *, escalating a read-only OAuth token to full unrestricted API access including write, delete, and admin operations. This vulnerability is fixed in 1.7.0.

Analysis

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the wildcard * scope by requesting scope=read *, escalating a read-only OAuth token to full unrestricted API access including write, delete, and admin operations. This vulnerability is fixed in 1.7.0.

CVE-2024-37829 HIGH POC
8.8 Jul 09

An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafte

CVE-2023-54331 HIGH POC
7.8 Jan 13

Outline versions up to - contains a vulnerability that allows attackers to potentially execute arbitrary code with eleva

CVE-2024-37830 MEDIUM POC
6.1 Jul 09

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and chang

CVE-2026-25062 MEDIUM POC
5.5 Feb 11

Outline versions prior to 1.4.0 fail to validate attachment file paths during JSON import, allowing authenticated attack

CVE-2024-40626 MEDIUM POC
5.4 Jul 16

Outline is an open source, collaborative document editor. Rated medium severity (CVSS 5.4), this vulnerability is remote

CVE-2023-3532 MEDIUM POC
5.4 Jul 07

Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1. Rated medium severity (CVSS 5.

CVE-2022-2342 MEDIUM POC
5.4 Jul 07

Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4. Rated medium severity (CVSS 5

CVE-2026-33640 CRITICAL
9.1 Mar 26

Account takeover in Outline collaborative documentation service versions 0.86.0 through 1.5.x enables unauthenticated at

CVE-2026-43888 HIGH
8.7 May 11

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extract

CVE-2026-24901 HIGH
8.1 Mar 17

An Insecure Direct Object Reference (IDOR) vulnerability in Outline's document restoration logic allows any authenticate

CVE-2026-43890 HIGH
7.7 May 11

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API end

CVE-2026-41649 HIGH
7.7 Apr 28

Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0

Share

EUVD-2026-29330 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy