Server
by Octopus
Source repositories
CVEs (64)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-4811 | Low | 0.14 | 2.2 | 0.00 | Jul 25, 2024 | In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts. | ||
| CVE-2026-8296 | 0.00 | — | 0.00 | Jun 19, 2026 | In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts. | |||
| CVE-2026-3236 | 0.00 | — | 0.00 | Mar 5, 2026 | In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token. | |||
| CVE-2026-0704 | 0.00 | — | 0.00 | Feb 25, 2026 | In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows. |
- risk 0.14cvss 2.2epss 0.00
In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.
- CVE-2026-8296Jun 19, 2026risk 0.00cvss —epss 0.00
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.
- CVE-2026-3236Mar 5, 2026risk 0.00cvss —epss 0.00
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.
- CVE-2026-0704Feb 25, 2026risk 0.00cvss —epss 0.00
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.
Page 4 of 4