PT-2026-39865 · Outline · Outline

Pyuysig · Published 2026-05-11 · Updated 2026-05-15 · CVE-2026-44695

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Outline versions prior to 1.7.1

Description

The Slack integration callback for the endpoint "/auth/slack.post" accepts an unsigned, session-independent OAuth state value. This allows a third party with a Slack OAuth code for the same Outline Slack client to trick a logged-in user into completing the callback. Consequently, the user's Outline account is linked to the attacker's team id and user id. The attacker can then utilize the Slack "/outline" search command while impersonating the victim Outline user.

Recommendations

Update to version 1.7.1.
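
The property the description says was missing, a state value that is signed and tied to the session that started the flow, can be checked as in the added example below. It is not Outline's code or the 1.7.1 patch; `STATE_SECRET`, `issueState`, `verifyState`, the session identifiers and the 10-minute lifetime are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: a server-side secret. Generated per process here; a real
// deployment would load a stable secret from configuration.
const STATE_SECRET = crypto.randomBytes(32);
const MAX_AGE_MS = 10 * 60 * 1000; // assumed lifetime of a pending link flow

// The MAC covers the payload AND the session that requested it.
function stateMac(payload, sessionId) {
  return crypto.createHmac("sha256", STATE_SECRET)
    .update(payload).update("\0").update(sessionId)
    .digest("base64url");
}

// Issued when a logged-in user starts the integration flow.
function issueState(sessionId, now = Date.now()) {
  const claims = { nonce: crypto.randomBytes(16).toString("hex"), iat: now };
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${payload}.${stateMac(payload, sessionId)}`;
}

// Run in the callback before the OAuth code is exchanged or an identity linked.
function verifyState(state, sessionId, now = Date.now()) {
  if (typeof state !== "string" || typeof sessionId !== "string") return false;
  const parts = state.split(".");
  if (parts.length !== 2) return false;
  const [payload, tag] = parts;
  const expected = Buffer.from(stateMac(payload, sessionId));
  const given = Buffer.from(tag);
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  // The payload is authentic from here on; only freshness is left to check.
  const { iat } = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  return Number.isFinite(iat) && now >= iat && now - iat <= MAX_AGE_MS;
}

// Constructed scenario: a state minted in one session, presented in another.
function demo() {
  const now = 1_700_000_000_000;
  const foreign = issueState("sess-A-constructed", now);
  return {
    sameSession: verifyState(foreign, "sess-A-constructed", now + 1000),
    otherSession: verifyState(foreign, "sess-B-constructed", now + 1000),
    unsigned: verifyState("eyJ0ZWFtIjoiVDEifQ", "sess-B-constructed", now),
    expired: verifyState(foreign, "sess-A-constructed", now + MAX_AGE_MS + 1),
  };
}
```

A callback that rejects the request whenever `verifyState` returns false refuses a state minted outside the current session before any account link is written.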

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-44695

Affected Products

Outline