Octoprint

All CVEs

23 total · sorted by risk
  • CVE-2018-16710 · Critical · Sep 7, 2018
    risk 0.59 · cvss 9.1 · epss 0.02

    OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting…

  • CVE-2026-54134 · High · Jun 23, 2026
    risk 0.45 · cvss · epss

    Impact: OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the `FILE_UPLOAD` permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload…

  • CVE-2026-35163 · Medium · Jun 23, 2026
    risk 0.26 · cvss · epss

    Impact: OctoPrint versions up to and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Suppressed Command notifications popups generated by the printer. An attacker who successfully…

  • CVE-2026-23892 · Jan 27, 2026
    risk 0.00 · cvss · epss 0.00

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that…

  • CVE-2025-64187 · Nov 7, 2025
    risk 0.00 · cvss · epss 0.00

    OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker…

  • CVE-2025-58180 · Sep 9, 2025
    risk 0.00 · cvss · epss 0.19

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution…

  • CVE-2025-48879 · Jun 10, 2025
    risk 0.00 · cvss · epss 0.00

    OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered…

  • CVE-2025-48067 · Jun 10, 2025
    risk 0.00 · cvss · epss 0.00

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by…

  • CVE-2025-32788 · Apr 22, 2025
    risk 0.00 · cvss · epss 0.00

    OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk…

  • CVE-2024-49377 · Nov 5, 2024
    risk 0.00 · cvss · epss 0.00

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a…

  • CVE-2024-51493 · Nov 5, 2024
    risk 0.00 · cvss · epss 0.00

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to…

  • CVE-2024-32977 · May 14, 2024
    risk 0.00 · cvss · epss 0.01

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within…

  • CVE-2024-28237 · Mar 18, 2024
    risk 0.00 · cvss · epss 0.00

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when…

  • CVE-2024-23637 · Jan 31, 2024
    risk 0.00 · cvss · epss 0.01

    OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who…

  • CVE-2023-41047 · Oct 9, 2023
    risk 0.00 · cvss · epss 0.01

    OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use…

  • CVE-2022-3607 · Oct 19, 2022
    risk 0.00 · cvss · epss 0.00

    Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.

  • CVE-2022-3068 · Sep 21, 2022
    risk 0.00 · cvss · epss 0.00

    Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.

  • CVE-2022-2888 · Sep 21, 2022
    risk 0.00 · cvss · epss 0.00

    If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.

  • CVE-2022-2872 · Sep 21, 2022
    risk 0.00 · cvss · epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.

  • CVE-2022-2930 · Aug 22, 2022
    risk 0.00 · cvss · epss 0.00

    Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.

  • CVE-2022-2822 · Aug 15, 2022
    risk 0.00 · cvss · epss 0.01

    An attacker can freely brute force username and password and can take over any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.

  • CVE-2022-1432 · May 18, 2022
    risk 0.00 · cvss · epss 0.01

    Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.

  • CVE-2022-1430 · May 18, 2022
    risk 0.00 · cvss · epss 0.01

    Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.