LeakyCreds

CVE-2026-24901 - Vulnerability Analysis

High | CVSS: 8.1

Last Updated: March 18, 2026

Outline - Insecure Direct Object Reference

Published: March 17, 2026 | Updated: March 18, 2026 | Remote Exploitable

Overview

Outline versions before 1.4.0 contain an insecure direct object reference (IDOR) caused by an ownership-validation bypass in the document restoration logic. It lets team members restore, view, and seize ownership of other users' deleted drafts. Exploitation requires team membership.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 2.8% (Probability of exploitation in next 30 days)

Impact

Attackers can access sensitive private drafts and lock original owners out, compromising confidentiality and ownership control.

Mitigation

Update to version 1.4.0 or later.

Social Media Activity (3 posts)

TheHackerWire
@thehackerwire
Mar 17, 2026

🟠 CVE-2026-24901 - High (8.1) Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownershi... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24901/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-24901
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: unconfirmed
EPSS: 2.8%
Social Posts: 3

CWE

  • CWE-639

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

2.8% (Probability of exploitation in the next 30 days)