Cyber Posture

CVE-2023-54331

High | Public PoC

Published: 13 January 2026

Modified: 02 February 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.9th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-54331 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Getoutline Outline. Its CVSS base score is 7.8 (High).

Operationally, it is ranked at the 2.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SA-6 (Software Usage Restrictions).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Establishes and enforces secure configuration settings, including properly quoted paths for Windows services, directly preventing exploitation of unquoted service path vulnerabilities.

prevent

Requires timely identification, reporting, and remediation of flaws like unquoted service paths through patching or configuration fixes.

prevent

Implements deny-by-exception software execution policies via whitelisting to block unauthorized malicious executables from running despite unquoted service paths.

NVD Description

Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.

Deeper analysis (AI)

CVE-2023-54331 is an unquoted service path vulnerability affecting Outline version 1.6.0. The issue resides in the OutlineService executable, where the service path is not properly quoted, enabling local privilege escalation. This flaw, classified under CWE-428, has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact potential upon successful exploitation.

Local attackers with low-privilege (PR:L) access on a vulnerable system can exploit the unquoted path by placing a malicious executable in a directory that precedes the legitimate OutlineService binary in the system's search path. When the OutlineService is started or restarted, the system executes the attacker's malicious code instead, granting LocalSystem-level privileges. This allows full control over the system, including arbitrary code execution with elevated permissions.
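A defender-side check for this condition, added here as an example and not taken from the advisory or from Outline: it flags service ImagePath values that contain spaces but are not quoted, and returns the quoted form to set instead. The service names and paths are constructed sample data, and the function names are hypothetical.

```python
import re

# End of the service binary: an executable extension followed by whitespace or end of string.
_EXE_END = re.compile(r"\.(?:exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def audit_image_path(image_path):
    """Return (flagged, quoted_fix) for one service ImagePath value."""
    path = image_path.strip()
    if not path or path.startswith('"'):
        return (False, None)          # empty or already quoted
    m = _EXE_END.search(path)
    if m is None:
        return (False, None)          # e.g. kernel drivers (.sys); out of scope here
    exe, args = path[:m.end()], path[m.end():]
    if " " not in exe:
        return (False, None)          # no space before the binary name ends
    return (True, f'"{exe}"{args}')   # CWE-428 fix: quote the binary, keep arguments

def audit_services(services):
    """Map service name -> corrected ImagePath for every flagged entry."""
    findings = {}
    for name, image_path in services.items():
        flagged, fix = audit_image_path(image_path)
        if flagged:
            findings[name] = fix
    return findings

# Constructed sample data (hypothetical service names and paths, not Outline's real ones).
SAMPLE_SERVICES = {
    "ExampleSvcA": r"C:\Program Files (x86)\Example Vendor\svc.exe --service",
    "ExampleSvcB": r'"C:\Program Files\Example Vendor\svc.exe" --service',
    "ExampleSvcC": r"C:\Windows\System32\svchost.exe -k netsvcs -p",
    "ExampleDrv": r"\SystemRoot\System32\drivers\example.sys",
}

if __name__ == "__main__":
    for name, fix in audit_services(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces; set ImagePath to {fix}")
```

On a real host, the input would be the ImagePath values under `HKLM\SYSTEM\CurrentControlSet\Services`, exported and passed in as a name-to-path mapping.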

Advisories and references provide further details on the vulnerability. The VulnCheck advisory at https://www.vulncheck.com/advisories/outline-unquoted-service-path outlines the issue, while an exploit is publicly available at https://www.exploit-db.com/exploits/51128. The official Outline site at https://getoutline.org/ serves as a resource for the affected software. No specific patch details are given in the provided information.

A proof-of-concept exploit exists on Exploit-DB, demonstrating practical exploitability, though no evidence of widespread real-world exploitation is noted in the available data.

Details

CWE(s)

Affected Products

getoutline
outline
all versions

CVEs Like This One

CVE-2025-64487 (Same product: Getoutline Outline)
CVE-2026-41649 (Same product: Getoutline Outline)
CVE-2026-33640 (Same product: Getoutline Outline)
CVE-2026-24901 (Same product: Getoutline Outline)
CVE-2019-25276 (Shared CWE-428)
CVE-2020-37098 (Shared CWE-428)
CVE-2021-47809 (Shared CWE-428)
CVE-2024-57276 (Shared CWE-428)
CVE-2020-37100 (Shared CWE-428)
CVE-2021-47790 (Shared CWE-428)
