CVE-2026-43890 - Outline: IDOR in subscriptions.create allows cross-tenant subscription on private documents (sibling of GHSA-23jj-rp48-w7q7)
CVE ID :CVE-2026-43890 Published : May 11, 2026, 10:22 p.m. | 43 minutes ago Description :Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authoriz
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Google Detects First AI-Generated Zero-Day Exploit
- [CYBER] Privacy watchdog wraps up probe into Coupang data leak, to decide penalty as early as June
- [CYBER] Pressure mounts on Canvas as data leak extortion deadline looms
- [CYBER] Developer of education tool Canvas issues apology after hack
- [CYBER] Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
- [CYBER] Nvidia GeForce NOW data breach confirmed — but luckily most of us will be safe, here's why