Vulnerabilities in Octopus Deploy
66 results

CVE-2026-8296 | MEDIUM | EPSS 0.2%
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.

CVE-2021-31821 | — | EPSS 0.2%
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Se

CVE-2022-4008 | MEDIUM | EPSS 0.2%
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

CVE-2022-2781 | — | EPSS 0.2%
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and v

CVE-2026-3236 | LOW | EPSS 0.2%
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key ha

CVE-2026-3237 | LOW | EPSS 0.2%
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expi