exploitDog

GHSA-mmcc-ppg6-c7j2

Опубликовано: 25 фев. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 5.9

CVSS3: 9.1

Описание

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.

Ссылки

EPSS

Процентиль: 25%

0.00086

Низкий

5.9 Medium

CVSS4

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2026-0704

CVSS3: 9.1

nvd

2 месяца назад

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.

EPSS

Процентиль: 25%

0.00086

Низкий

5.9 Medium

CVSS4

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-22