Zero Day Monitor (ZDM) © 2026
CVE-2026-33640 · CVSS estimate 7.0 · PATCHED
outline · outline

Outline has a rate limit bypass that allows brute force of email login OTP

Description

Outline is a service for collaborative documentation. It implements an email OTP login flow for users who are not associated with an identity provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate an OTP code based on the number or frequency of invalid submissions; it relies on the request rate limiter alone to restrict attempts. Identified bypasses in that rate limiter therefore permit unrestricted OTP submissions within the code's lifetime, which lets an attacker brute-force the code and take over the account. Version 1.6.0 fixes the issue; until an instance is upgraded, its exposure is bounded only by the OTP lifetime and by whatever rate limiting actually holds against the attacker.
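
The failure mode above is a verification step with no attempt budget of its own. The following TypeScript is an added illustration, not Outline's code: an in-memory OTP store with the vulnerable verifier (wrong guesses leave the code live until expiry, so anything that slips past an external rate limiter gets unlimited tries) beside a hardened one that counts failures against the code itself and burns it after a threshold. The TTL, the threshold, the sha256 keying and the sample email are assumptions chosen for the example, and the attacker loop simply assumes the rate limiter has already been bypassed.

```typescript
import { createHash, randomInt, timingSafeEqual } from "node:crypto";

// Constructed example, not Outline's code. The TTL and attempt threshold are
// assumptions chosen for illustration, not values taken from the project.
const OTP_TTL_MS = 10 * 60 * 1000;
const MAX_FAILED_ATTEMPTS = 5;

interface OtpRecord {
  codeHash: Buffer;      // sha256(email:code); the plaintext code is never stored
  expiresAt: number;     // epoch milliseconds
  failedAttempts: number;
}

function hashCode(email: string, code: string): Buffer {
  return createHash("sha256").update(`${email.toLowerCase()}:${code}`).digest();
}

class OtpStore {
  private records = new Map<string, OtpRecord>();
  private now: () => number;

  // The clock is injectable so expiry can be exercised deterministically.
  constructor(now: () => number = Date.now) {
    this.now = now;
  }

  // Issue a 6-digit code for an email. A fixed code may be passed in for tests.
  issue(email: string, code: string = String(randomInt(0, 1_000_000)).padStart(6, "0")): string {
    this.records.set(email.toLowerCase(), {
      codeHash: hashCode(email, code),
      expiresAt: this.now() + OTP_TTL_MS,
      failedAttempts: 0,
    });
    return code;
  }

  // Vulnerable pattern (CWE-307): a wrong guess leaves the code live until it
  // expires. Nothing here limits attempts; that job is delegated entirely to a
  // request rate limiter, so any bypass of that limiter yields unlimited guesses.
  verifyVulnerable(email: string, code: string): boolean {
    const key = email.toLowerCase();
    const rec = this.records.get(key);
    if (!rec || rec.expiresAt <= this.now()) return false;
    const ok = timingSafeEqual(rec.codeHash, hashCode(email, code));
    if (ok) this.records.delete(key);
    return ok;
  }

  // Hardened pattern: failures are counted against the code itself, not the
  // client, and the code is burned after MAX_FAILED_ATTEMPTS. A rate-limiter
  // bypass now buys at most that many guesses per issued code.
  verifyHardened(email: string, code: string): boolean {
    const key = email.toLowerCase();
    const rec = this.records.get(key);
    if (!rec) return false;
    if (rec.expiresAt <= this.now()) {
      this.records.delete(key);
      return false;
    }
    if (timingSafeEqual(rec.codeHash, hashCode(email, code))) {
      this.records.delete(key); // single use
      return true;
    }
    rec.failedAttempts += 1;
    if (rec.failedAttempts >= MAX_FAILED_ATTEMPTS) this.records.delete(key);
    return false;
  }
}

// Attacker loop with the rate limiter assumed already bypassed: enumerate the
// 6-digit space in order against whichever verifier is supplied.
function bruteForce(
  verify: (email: string, code: string) => boolean,
  email: string,
  limit: number = 1_000_000,
): { found: string | null; attempts: number } {
  for (let i = 0; i < limit; i++) {
    const guess = String(i).padStart(6, "0");
    if (verify(email, guess)) return { found: guess, attempts: i + 1 };
  }
  return { found: null, attempts: limit };
}

// Runs the same attack against both verifiers with a fixed code so the outcome
// is deterministic. Expected: the vulnerable store falls on attempt 4218; the
// hardened store burns the code after 5 failures and is never cracked.
function demo() {
  const email = "victim@example.com"; // constructed sample identity
  const store = new OtpStore();
  store.issue(email, "004217");
  const vulnerable = bruteForce((e, c) => store.verifyVulnerable(e, c), email);
  store.issue(email, "004217");
  const hardened = bruteForce((e, c) => store.verifyHardened(e, c), email);
  return { vulnerable, hardened };
}

console.log(demo());
```

The point of keying the failure counter on the issued code rather than on the client is that the client-side properties (IP, session, headers) are exactly what a rate-limiter bypass manipulates; a counter stored next to the code cannot be reset by changing how the request arrives. Burning the code also means the legitimate user simply requests a fresh one, which is the cheap side of the trade-off.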

Affected Products

Vendor: outline
Product: outline
Versions: >= 0.86.0, < 1.6.0

References

  • https://github.com/outline/outline/security/advisories/GHSA-cwhc-53hw-qqx6 (x_refsource_CONFIRM)
  • https://github.com/outline/outline/releases/tag/v1.6.0 (x_refsource_MISC)

Related News (1 article)

Tier C
VulDB · 3d ago
CVE-2026-33640 | Outline up to 1.5.x Submission excessive authentication (GHSA-cwhc-53hw-qqx6)
→ No new info (linked only)
CVSS 3.1: 7.0 (estimate) / NONE
CISA KEV: No
Actively exploited: No
Patch available: 1.6.0
CWE: CWE-307 (Improper Restriction of Excessive Authentication Attempts)
Published: 3/26/2026
Last enriched: 3d ago (v3)
Trending Score: 27
Source articles: 1
Independent: 1
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack


Related CVEs (5)

CRITICAL · CVE-2026-21643 · EXP · KEV
CVE-2026-21643: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiC
Trending: 146
CRITICAL · CVE-2026-24858 · EXP · KEV
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0
Trending: 97
HIGH · CVE-2025-59922
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 throug
HIGH · CVE-2025-66178
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 throug
MEDIUM · CVE-2026-30897
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 26, 2026
Discovered by ZDM: Mar 26, 2026
Updated (affectedVersions): Mar 27, 2026
Updated (description, severity, cvssEstimate, patchAvailable): Mar 27, 2026
Patch Available: Mar 30, 2026

Version History

v3 · Tier C · 3d ago (last enriched)

Updated description with new technical details, changed severity to HIGH, set CVSS estimate to 7.0, and specified patch available as version 1.6.0.

Fields changed: description, severity, cvssEstimate, patchAvailable
via VulDB
v2 · Tier C · 3d ago

Updated description with new details, changed vendor and product to 'unknown' and 'Outline', updated affected versions to '<= 1.5.x', and changed severity to 'PROBLEMATIC'.

Fields changed: affectedVersions
via VulDB
v1 · 3d ago

Initial creation