CVE Catalog

CVE-2026-4881

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

In affected versions of Octopus Server, permissions were not checked correctly, allowing any authenticated user to make server-level changes via a specific API endpoint despite receiving an error.

Risk Assessment

The risk is that an unauthorized user can escalate privileges and modify server configuration, potentially leading to data integrity and confidentiality breaches.

Recommendation

It is recommended to immediately update Octopus Server to the latest version that includes a fix for this vulnerability.

Original NVD description (English source)

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS