CVE-2026-33640

Source
https://cve.org/CVERecord?id=CVE-2026-33640
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33640.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33640
Aliases
  • GHSA-cwhc-53hw-qqx6
Published
2026-03-26T20:56:37.818Z
Modified
2026-07-08T08:06:25.421241212Z
Severity
  • 9.1 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Outline has a rate limit bypass that allows brute force of email login OTP
Details

Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on amount or frequency of invalid submissions, rather it relies on the rate limiter to restrict attempts. Consequently, identified bypasses in the rate limiter permit unrestricted OTP code submissions within the codes lifetime. This allows attackers to perform brute force attacks which enable account takeover. Version 1.6.0 fixes the issue.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-307"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33640.json"
}
References

Affected packages

Git / github.com/outline/outline

Affected ranges

Type
GIT
Repo
https://github.com/outline/outline
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.86.0"
        },
        {
            "fixed": "1.6.0"
        }
    ],
    "cpe": "cpe:2.3:a:getoutline:outline:*:*:*:*:*:*:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

v0.*
v0.86.0
v0.87.0
v0.87.1
v0.87.2
v0.87.4
v1.*
v1.0.0
v1.0.1
v1.1.0
v1.2.0
v1.2.0-0
v1.4.0
v1.5.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33640.json"