CVE-2026-43886 · HIGH 8.2 · EPSS percentile 11.3%


Description

Outline is a service for collaborative documentation. In versions 0.84.0 through 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, so the function accepts the entire scope array if any single scope in it is valid. An attacker can smuggle the wildcard * scope by requesting scope=read *, escalating a read-only OAuth token to full, unrestricted API access including write, delete, and admin operations. This vulnerability is fixed in 1.7.0.
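As an added illustration (not Outline's own code), the following is a simplified, hypothetical reconstruction of the some()/every() distinction the description refers to; the function names, the granted scope list and the looksLikeScopeSmuggling log-triage helper are constructed for this example:

```javascript
// Added illustration of the CVE-2026-43886 logic error. These functions are a
// simplified, hypothetical reconstruction written for this page; they are NOT
// Outline's actual OAuthInterface code, and the scope values are constructed.
const GRANTED_SCOPES = ["read", "write"]; // constructed: scopes this client may request

// Parse a space-separated OAuth scope parameter (RFC 6749 section 3.3 uses spaces).
function parseScopes(scopeParam) {
  return scopeParam.split(/\s+/).filter(Boolean);
}

// Vulnerable pattern: Array.some() returns true as soon as ONE requested scope
// is allowed, so the whole array, including a smuggled "*", is accepted.
function validateScopeVulnerable(requested, allowed = GRANTED_SCOPES) {
  return requested.some((scope) => allowed.includes(scope));
}

// Hardened pattern: every requested scope must be individually allowed, and an
// empty request is rejected rather than vacuously accepted.
function validateScopeFixed(requested, allowed = GRANTED_SCOPES) {
  if (requested.length === 0) return false;
  return requested.every((scope) => allowed.includes(scope));
}

// Triage helper for authorization-request logs: flag scope parameters that mix
// a wildcard with narrower scopes, which is the shape of the request described
// in the advisory text above.
function looksLikeScopeSmuggling(scopeParam) {
  const scopes = parseScopes(scopeParam);
  return scopes.includes("*") && scopes.length > 1;
}

// Walk through both validators on the constructed request scope=read *
function demo() {
  const requested = parseScopes("read *");
  return {
    vulnerableAccepts: validateScopeVulnerable(requested), // true: "*" slips through
    fixedAccepts: validateScopeFixed(requested),           // false: "*" was never granted
    flagged: looksLikeScopeSmuggling("read *"),            // true
  };
}
```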

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
EPSS: 0.21% probability of exploitation · percentile 11.3% · 2026-06-19T12:03:05Z
Published: 2026-05-11
Last modified: 2026-05-12

Underlying weaknesses (1)

CWE-269: Improper Privilege Management

References

  1. https://github.com/outline/outline/security/advisories/GHSA-7732-6qrg-wjf4

Type     | Target                                  | Confidence | Tier
Weakness | Improper Privilege Management (cwe-269) | 0%         | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2026-24901
  - CVE-2026-33640
  - CVE-2026-33577
  - CVE-2026-22172
  - CVE-2025-71278
  - CVE-2026-41404
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.