By vendor

Octopus vulnerabilities

Known CVEs affecting Octopus products, prioritized by severity, with SEC.co remediation and detection guidance.

1 published vulnerability

  • CVE-2026-4881MEDIUM 6.5

    Octopus Server contains a missing permission check in one of its API endpoints. Any authenticated user—even with minimal privileges—can exploit this flaw to make server-level changes, such as modifying configuration or access controls. The vulnerability is deceptive: the API returns an error message to the caller, but the requested changes are applied anyway. This allows a low-privileged insider or compromised account to escalate their impact significantly.