Vulnerability in Octopus Deploy Server
CVE-2026-3237
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It…
EPSS: 0.000 (12.9th percentile) — read the EPSS interpretation.
Affected products
- Octopus Deploy Server — versions 2023.0.0, 2025.4.0, 2026.1.0