CVE-2026-25062

Published: Feb 11, 2026

Modified: Feb 11, 2026

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal sequences such as ../ or absolute paths, an attacker can read arbitrary files on the server and import them as attachments. This vulnerability is fixed in 1.4.0.

Vendor	Product	Versions
outline	outline	affected `< 1.4.0`

Weaknesses (CWE)

CWE-22

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

References

https://github.com/outline/outline/security/advisories/GHSA-7r4f-3wjv-83xf

x_refsource_CONFIRM

https://github.com/outline/outline/releases/tag/v1.4.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-25062

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References