CVE-2026-3236

Low CVSS: 2.3

In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.

Vendor

Octopus

Product

Octopus Server

CWE

CWE-863

Yayın Tarihi

2026-03-05 11:15:54

Güncelleme

2026-03-13 01:30:06

Source Identifier

security@octopus.com

KEV Date Added

Kategoriler

CWE-863 Octopus Server LOW Octopus 2026

Referanslar

https://advisories.octopus.com/post/2026/sa2026-02

Benzer Kayıtlar

Low

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change…

Medium

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API…

Medium

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests th…

Medium

CVE-2025-0588

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all se…

Low

CVE-2025-0513

In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could con…

Low

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API…