Vulnerability in Outline

CVE-2026-33640

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invali…

EPSS: 0.000 (9.0th percentile) — read the EPSS interpretation.

Affected products

Outline — versions >= 0.86.0, < 1.6.0

Weakness classification (CWE)

CWE-307 — Improper Restriction of Excessive Authentication Attempts

References

https://github.com/outline/outline/security/advisories/GHSA-cwhc-53hw-qqx6 (x_refsource_CONFIRM)
https://github.com/outline/outline/releases/tag/v1.6.0 (x_refsource_MISC)