What is the CVSS score of EUVD-2026-29330?

EUVD-2026-29330 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for EUVD-2026-29330?

Yes, a patch is available for EUVD-2026-29330. Update the affected software to the latest version immediately.

OAuthInterface.validateScope EUVD-2026-29330

| CVE-2026-43886 HIGH

Improper Privilege Management (CWE-269)

2026-05-11 GitHub_M

Privilege Escalation

8.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

None

Lifecycle Timeline

Patch available

May 11, 2026 - 23:03 EUVD

CVE Published

May 11, 2026 - 21:06 nvd

HIGH 8.2

DescriptionNVD

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the wildcard * scope by requesting scope=read *, escalating a read-only OAuth token to full unrestricted API access including write, delete, and admin operations. This vulnerability is fixed in 1.7.0.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-29330 vulnerability details – vuln.today

Back