Logic Error in Outline API Authentication Allows Escalation of Access Rights
CVE-2026-43886

8.2 HIGH

Key Information:

Vendor: Outline

Status: Vendor

CVE Published: 11 May 2026

What is CVE-2026-43886?

Outline, a collaborative documentation service, has a flaw in its OAuth authorization flow. In versions 0.84.0 through 1.6.1, a logic error in the validateScope method of OAuthInterface lets a client obtain scopes it was never granted. The check is built on Array.some(), so a scope request passes as long as at least one of the requested scopes is permitted, rather than requiring every requested scope to be permitted. An attacker can therefore append a wildcard to an otherwise legitimate request, for example scope=read * (OAuth scope lists are space-delimited, so this requests both "read" and "*"), and the request is accepted because "read" matches. The resulting token carries the wildcard scope, escalating a read-only OAuth token to unrestricted API access, including write, delete, and admin operations. The flaw is fixed in version 1.7.0; deployments on an affected version should upgrade.
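The following is an added illustration of the some-versus-every logic error, not code from Outline. The function names (parseScopes, validateScopeVulnerable, validateScopeFixed, issueToken), the allowed-scope list, and the treatment of "*" as a wildcard that downstream checks honour are assumptions made for the example; only the use of Array.some() and the scope=read * request come from the advisory.

```javascript
// Added example (not Outline's code): minimal reconstruction of the scope
// validation flaw described in the advisory. Identifiers are hypothetical.

// Scopes the authorization server permits this client to request
// (constructed sample, not Outline's real scope list).
const ALLOWED_SCOPES = ["read", "write", "documents.read"];

// OAuth scope parameters are space-delimited (RFC 6749 section 3.3),
// so "read *" is the two scopes "read" and "*".
function parseScopes(scopeParam) {
  return scopeParam.split(/\s+/).filter(Boolean);
}

// Vulnerable form: Array.some() succeeds as soon as ONE requested scope is
// permitted. ["read", "*"] passes because "read" matches, and "*" rides along.
function validateScopeVulnerable(scopeParam, allowed = ALLOWED_SCOPES) {
  const requested = parseScopes(scopeParam);
  return requested.some((s) => allowed.includes(s));
}

// Hardened form: EVERY requested scope must be individually permitted, the
// list must be non-empty, and a wildcard is rejected explicitly even if it
// were ever added to the allow list by mistake.
function validateScopeFixed(scopeParam, allowed = ALLOWED_SCOPES) {
  const requested = parseScopes(scopeParam);
  if (requested.length === 0) return false;
  return requested.every((s) => s !== "*" && allowed.includes(s));
}

// Token issuance under a given validator: the token carries the requested
// scopes verbatim, which is what makes the leaked "*" dangerous downstream.
function issueToken(scopeParam, validate) {
  if (!validate(scopeParam)) return null;
  return { scopes: parseScopes(scopeParam) };
}

// Assumed downstream authorization check: a "*" scope grants every
// operation, including write, delete, and admin.
function tokenGrantsEverything(token) {
  return token !== null && token.scopes.includes("*");
}

// Stand-alone demonstration.
console.log("vulnerable accepts 'read *':", validateScopeVulnerable("read *"));
console.log("fixed accepts 'read *':", validateScopeFixed("read *"));
console.log(
  "vulnerable token grants everything:",
  tokenGrantsEverything(issueToken("read *", validateScopeVulnerable))
);
```

The same defect lets any unknown scope through alongside a permitted one ("read admin" also passes the vulnerable check), so the fix is the every() quantifier on the whole list, not a special case for "*". A regression test that asserts the mixed request is rejected is the cheapest way to keep the bug from returning.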

Affected Version(s)

outline >= 0.84.0, < 1.7.0

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Note on the vector: the metrics as listed (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L) compute to a CVSS 3.1 base score of 8.8, not 8.2. A score of 8.2 corresponds to the same vector with Privileges Required: Low, which is consistent with the description of an attacker who starts from a read-only OAuth token. Treat one of the two values as a transcription error when importing this entry.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
