A vulnerability described as problematic has been identified in Outline up to 1.6.x . The impacted element is the function shares.create of the component API Endpoint . Such manipulation leads to authorization bypass. This vulnerability is uniquely identified as CVE-2026-41649 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.