CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-22820

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.7%

CVSS Severity

CVSS v3 Score 3.7

References

https://github.com/outray-tunnel/outray/commit/08c61495761349e7fd2965229c3faa8d7b1c1581
https://github.com/outray-tunnel/outray/security/advisories/GHSA-3pqc-836w-jgr7

Products affected by CVE-2026-22820

Outray » Outray » Version: Any

cpe:2.3:a:outray:outray:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22820

Products

Pricing

Contact Us