{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T03:49:33.346","vulnerabilities":[{"cve":{"id":"CVE-2026-25062","sourceIdentifier":"security-advisories@github.com","published":"2026-02-11T21:16:18.607","lastModified":"2026-02-20T18:10:18.630","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal sequences such as ../ or absolute paths, an attacker can read arbitrary files on the server and import them as attachments. This vulnerability is fixed in 1.4.0."},{"lang":"es","value":"Outline es un servicio que permite la documentación colaborativa. Antes de 1.4.0, durante el proceso de importación de JSON, el valor de attachments[].key del JSON importado se pasa directamente a path.join(rootPath, node.key) y luego se lee usando fs.readFile sin validación. Al incrustar secuencias de salto de ruta como ../ o rutas absolutas, un atacante puede leer archivos arbitrarios en el servidor e importarlos como adjuntos. \nEsta vulnerabilidad se corrigió en 1.4.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getoutline:outline:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.0","matchCriteriaId":"A1297792-2032-4407-B790-09BFBDF42500"}]}]}],"references":[{"url":"https://github.com/outline/outline/releases/tag/v1.4.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/outline/outline/security/advisories/GHSA-7r4f-3wjv-83xf","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]}]}}]}