CVE-2026-24901
CVE-2026-24901 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Outline is a service that allows for collaborative documentation. In versions prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to restore, view, and seize ownership of deleted drafts belonging to other users, including administrators, without authorization. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
Outline is a service that allows for collaborative documentation. In versions prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to restore, view, and seize ownership of deleted drafts belonging to other users, including administrators, without authorization. Because ownership is not validated during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Getoutline | Outline | < 1.4.0 |
References
- https://github.com/outline/outline/security/advisories/GHSA-gmr5-43f5-79f5 (Exploit, Mitigation, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
