cvedb.io
CVE-2026-3237
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2026-03-17T07:16:03.610 · Last modified 2026-06-17T10:43:16.037

Summary

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this vulnerability.

Affected products

octopus — octopus_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when octopus ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.