Octopus: >> Octopus Server >> 2025.1.10080 Security Vulnerabilities
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-05
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-02-25