CVE-2026-0704

Medium CVSS: 5.9

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.

Vendor

Octopus

Product

Octopus Server

CWE

NVD-CWE-noinfo

Yayın Tarihi

2026-02-25 13:16:04

Güncelleme

2026-02-27 15:16:26

Source Identifier

security@octopus.com

KEV Date Added

Kategoriler

NVD-CWE-noinfo Octopus Server MEDIUM Octopus 2026

Referanslar

https://advisories.octopus.com/post/2026/sa2026-01

Benzer Kayıtlar

Low

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change…

Low

CVE-2026-3236

In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting i…

Medium

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests th…

Medium

CVE-2025-0588

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all se…

Low

CVE-2025-0513

In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could con…

Low

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API…