PT-2026-7663 · Outline · Outline

Odgrso · Published 2026-02-11 · Updated 2026-02-20 · CVE-2026-25062

CVSS v3.1: 5.5 Medium (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)

Name of the Vulnerable Software and Affected Versions

Outline versions prior to 1.4.0

Description

Outline is a collaborative documentation service. Before version 1.4.0, the application was susceptible to a file-reading issue during the JSON import process. Specifically, the attachments[].key value from imported JSON was used directly in constructing a file path using path.join(rootPath, node.key) and subsequently read using fs.readFile without proper validation. This allowed an attacker to potentially read arbitrary files on the server by embedding path traversal sequences like ../ or absolute paths within the attachments[].key value, effectively importing these files as attachments.

Recommendations

Update to version 1.4.0 or later.
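
The flaw described above comes down to a missing containment check on attachments[].key before the path is read. The following is an added example, not Outline's code or its 1.4.0 fix: it contrasts the unchecked path.join with a hypothetical safeAttachmentPath helper, and the root directory and sample keys are constructed for illustration.

```javascript
// Added example (not Outline's code): containment check for an imported attachments[].key.
// path.posix is used so the constructed samples resolve identically on every platform.
const path = require("node:path").posix;

// The pattern the advisory describes: the key is joined to the root unchecked.
function naiveAttachmentPath(rootPath, key) {
  return path.join(rootPath, key);
}

// Hypothetical hardened helper: returns the resolved path, or throws when the
// key is malformed, absolute, or resolves outside rootPath.
function safeAttachmentPath(rootPath, key) {
  if (typeof key !== "string" || key.length === 0 || key.includes("\0")) {
    throw new Error("invalid attachment key");
  }
  if (path.isAbsolute(key)) {
    throw new Error("absolute attachment key rejected");
  }
  const root = path.resolve(rootPath);
  const resolved = path.resolve(root, key);
  // Compare on the relative path, not a string prefix, so that a sibling
  // directory such as "<root>-old" is not mistaken for the root itself.
  const rel = path.relative(root, resolved);
  if (rel === "" || rel === ".." || rel.startsWith("../") || path.isAbsolute(rel)) {
    throw new Error("attachment key escapes import root");
  }
  return resolved;
}

// Constructed import root and sample keys (assumptions for this example).
const ROOT = "/srv/outline-import/tmp123";
const SAMPLE_KEYS = [
  "uploads/abc/diagram.png",
  "uploads/../uploads/abc/diagram.png",
  "../../../etc/hostname",
  "uploads/../../secrets.env",
  "/etc/hostname",
];

// Run every key through the check and record the outcome instead of reading files.
function classify(rootPath, keys) {
  return keys.map((key) => {
    try {
      return { key, ok: true, path: safeAttachmentPath(rootPath, key) };
    } catch (err) {
      return { key, ok: false, reason: err.message };
    }
  });
}

console.log(classify(ROOT, SAMPLE_KEYS));
```

An importer would call the helper before any fs.readFile and reject the whole import on the first key that throws, which also gives a log line worth alerting on.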

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-25062
GHSA-7R4F-3WJV-83XF

Affected Products

Outline