CVE-2026-25062

Medium CVSS: 5.5

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal sequences such as ../ or absolute paths, an attacker can read arbitrary files on the server and import them as attachments. This vulnerability is fixed in 1.4.0.

Vendor

Getoutline

Product

Outline

CWE

CWE-22

Yayın Tarihi

2026-02-11 21:16:18

Güncelleme

2026-02-20 18:10:18

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Outline MEDIUM Getoutline 2026

Referanslar

https://github.com/outline/outline/releases/tag/v1.4.0 https://github.com/outline/outline/security/advisories/GHSA-7r4f-3wjv-83xf

Benzer Kayıtlar

Critical

CVE-2026-33640

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users n…

High

CVE-2026-24901

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (I…

Medium

CVE-2026-28506

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for…

Medium

CVE-2025-68663

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's…

High

CVE-2025-64487

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability e…

High

CVE-2023-54331

Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitra…