PT-2026-7662 · Outline · Outline
Published
2026-02-11
·
Updated
2026-02-20
·
CVE-2025-68663
CVSS v4.0
6.9
Medium
| AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Outline versions prior to 1.1.0
Description
Outline’s WebSocket authentication mechanism had a flaw that permitted suspended users to maintain or create real-time WebSocket connections. This allowed them to continue receiving sensitive operational updates even after their account suspension.
Recommendations
Update to version 1.1.0 or later.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Outline