Description

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, including administrators. By bypassing ownership validation during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.

INFO

Published Date :

2026-03-17T15:28:28.363Z

Last Modified :

2026-03-17T15:46:23.976Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-24901 vulnerability.

Vendors Products
Getoutline
  • Outline
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24901.

URL Resource
https://github.com/outline/outline/security/advisories/GHSA-gmr5-43f5-79f5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact