Octoprint
by Octoprint
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16710 | | Cri | 0.59 | 9.1 | 0.02 | | Sep 7, 2018 | OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting… |
| CVE-2026-54134 | | hig | 0.45 | — | — | | Jun 23, 2026 | Impact: OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the `FILE_UPLOAD` permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload… |
| CVE-2026-35163 | | med | 0.26 | — | — | | Jun 23, 2026 | Impact: OctoPrint versions up to and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Suppressed Command notifications popups generated by the printer. An attacker who successfully… |
| CVE-2026-23892 | | | 0.00 | — | 0.00 | | Jan 27, 2026 | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that… |
| CVE-2025-64187 | | | 0.00 | — | 0.00 | | Nov 7, 2025 | OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker… |
| CVE-2025-58180 | | | 0.00 | — | 0.19 | | Sep 9, 2025 | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution… |
| CVE-2025-48879 | | | 0.00 | — | 0.00 | | Jun 10, 2025 | OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered… |
| CVE-2025-48067 | | | 0.00 | — | 0.00 | | Jun 10, 2025 | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by… |
| CVE-2025-32788 | | | 0.00 | — | 0.00 | | Apr 22, 2025 | OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk… |
| CVE-2024-49377 | | | 0.00 | — | 0.00 | | Nov 5, 2024 | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a… |
| CVE-2024-51493 | | | 0.00 | — | 0.00 | | Nov 5, 2024 | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to… |
| CVE-2024-32977 | | | 0.00 | — | 0.01 | | May 14, 2024 | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within… |
| CVE-2024-28237 | | | 0.00 | — | 0.00 | | Mar 18, 2024 | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when… |
| CVE-2024-23637 | | | 0.00 | — | 0.01 | | Jan 31, 2024 | OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who… |
| CVE-2023-41047 | | | 0.00 | — | 0.01 | | Oct 9, 2023 | OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use… |
| CVE-2022-3607 | | | 0.00 | — | 0.00 | | Oct 19, 2022 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. |
| CVE-2022-3068 | | | 0.00 | — | 0.00 | | Sep 21, 2022 | Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3. |
| CVE-2022-2888 | | | 0.00 | — | 0.00 | | Sep 21, 2022 | If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. |
| CVE-2022-2872 | | | 0.00 | — | 0.01 | | Sep 21, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. |
| CVE-2022-2930 | | | 0.00 | — | 0.00 | | Aug 22, 2022 | Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. |
Page 1 of 2