CVE-2025-58351
Outline versions 0.72.0–0.83.0 include a local file storage feature that can bypass CSP and Content-Type checks when FILE_STORAGE=local is used on the same domain. A malicious payload uploaded as a file attachment could be executed in another user’s context. This is fixed in version 0.84.0. The c...