CVE-2026-24901

Exploit

EPSS 0.04%
Veröffentlicht 17.03.2026 15:28:28
Zuletzt bearbeitet 19.03.2026 19:32:41
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, including administrators. By bypassing ownership validation during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Getoutline ≫ Outline Version < 1.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.105

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://github.com/outline/outline/security/advisories/GHSA-gmr5-43f5-79f5

Vendor Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-24901

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-24901

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-24901

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-24901