Vulnerability Details CVE-2026-3236
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.3%
CVSS Severity