By vendor
Octopus vulnerabilities
Known CVEs affecting Octopus products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-4881MEDIUM 6.5
Octopus Server contains a missing permission check in one of its API endpoints. Any authenticated user—even with minimal privileges—can exploit this flaw to make server-level changes, such as modifying configuration or access controls. The vulnerability is deceptive: the API returns an error message to the caller, but the requested changes are applied anyway. This allows a low-privileged insider or compromised account to escalate their impact significantly.