OAuth State Vulnerability in Outline Service Affecting Slack Integration
CVE-2026-44695

5.8 MEDIUM

Key Information:

Vendor: Outline

Status
Vendor
CVE Published: 11 May 2026

What is CVE-2026-44695?

CVE-2026-44695 affects the Slack integration of Outline, a service for collaborative documentation. Prior to version 1.7.1, the integration's Slack callback did not validate the OAuth state value, allowing an attacker with access to a compromised Slack OAuth code to link their Slack account with the Outline user's account. This could permit unauthorized access to the victim's Outline documents via the Slack /outline search command. The issue is fixed in version 1.7.1, and users should update their installations promptly.
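
A callback that checks the OAuth state before linking an account, shown here as an added example; it is not Outline's code and not the 1.7.1 fix. The function names, the session object shape, and the 10-minute state lifetime are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const STATE_MAX_AGE_MS = 10 * 60 * 1000; // assumed lifetime for a pending link

// Start of the flow: mint a random state, remember it in the user's own
// session, and send the same value to Slack in the authorize URL.
function beginSlackLink(session, now = Date.now()) {
  const state = crypto.randomBytes(32).toString("hex");
  session.slackOAuth = { state, issuedAt: now };
  return state;
}

// True only if this session started a flow and Slack returned its state.
function stateMatches(session, returned, now = Date.now()) {
  const pending = session.slackOAuth;
  delete session.slackOAuth; // single use: a replayed callback finds nothing
  if (!pending || typeof returned !== "string") return false;
  if (now - pending.issuedAt > STATE_MAX_AGE_MS) return false;
  const a = Buffer.from(pending.state);
  const b = Buffer.from(returned);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Callback: the state check comes before the code is used for anything.
// linkSlackAccount is a hypothetical stand-in for the code exchange and link.
function handleSlackCallback(session, query, linkSlackAccount, now = Date.now()) {
  if (!stateMatches(session, query.state, now)) {
    return { status: 400, linked: false };
  }
  linkSlackAccount(session.userId, query.code);
  return { status: 200, linked: true };
}

// Constructed scenarios: a callback this session never started, then a normal flow.
function demo() {
  const linked = [];
  const link = (userId, code) => linked.push({ userId, code });
  const victim = { id: "sess-1", userId: "victim" }; // constructed session
  const forced = handleSlackCallback(victim, { code: "foreign-code", state: "x" }, link);
  const state = beginSlackLink(victim);
  const normal = handleSlackCallback(victim, { code: "own-code", state }, link);
  const replay = handleSlackCallback(victim, { code: "own-code", state }, link);
  return { forced, normal, replay, linked };
}
```

A callback that arrives in a session with no pending state is rejected before the code is touched, which is the check the description says was absent.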

Affected Version(s)

outline < 1.7.1

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
