CNNVD-202602-1827 Information

CNNVD ID

CNNVD-202602-1827

Related CVE

CVE-2026-25062

• CNNVD Published: 2026-02-11

Description (Chinese)

Outline是Outline开源的一个知识库。 Outline 1.4.0之前版本存在路径遍历漏洞，该漏洞源于JSON导入过程中对导入的attachments[].key值验证不足，可能导致攻击者读取服务器上的任意文件。

Description (English)

Outline is an open-source knowledge base for Outline. The previous version of Outline 1.4.0 had a loophole in the path, which stemmed from the inadequate validation of imported attachments[].key during the JSON import process, which could lead the assailant to read any files on the server.

Vulnerability Type

路径遍历

Affected Vendor

Outline

Published

2026-02-11

Last Modified

2026-02-24

References

https://github.com/outline/outline/releases/tag/v1.4.0 https://github.com/outline/outline/security/advisories/GHSA-7r4f-3wjv-83xf

Patch

https://github.com/outline/outline/releases