← volver
CVE-2026-43886

Outline: OAuth Scope Validation Logic Error Allows Privilege Escalation to Wildcard API Access

CVSS 8.2 HIGHEPSS 0.2%CWE-269
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the wildcard * scope by requesting scope=read *, escalating a read-only OAuth token to full unrestricted API access including write, delete, and admin operations. This vulnerability is fixed in 1.7.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Productos afectados
outline · outline

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/outline/outline/security/advisories/GHSA-7732-6qrg-wjf4