What is CVE-2026-22819?

CVE-2026-22819 is a medium-severity vulnerability in Akinloluwami Outray, classified under Race Condition within a Thread. CVSS score: 5.9/10. Published 2026-01-14.

How severe is CVE-2026-22819?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Akinloluwami Outray

CVE-2026-22819

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdo…

EPSS: 0.000 (13.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H.

Affected products

Akinloluwami Outray — versions < 0.1.5

Weakness classification (CWE)

CWE-366 — Race Condition within a Thread

References

https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g (x_refsource_CONFIRM)
https://github.com/outray-tunnel/outray/commit/73e8a09575754fb4c395438680454b2ec064d1d6 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-22819?: CVE-2026-22819 is a medium-severity vulnerability in Akinloluwami Outray, classified under Race Condition within a Thread. CVSS score: 5.9/10. Published 2026-01-14.
How severe is CVE-2026-22819?: Medium severity. CVSS v3 base score is 5.9 out of 10.