wid-sec-w-2026-0613  ·  Published 2026-03-04  ·  BSI CERT-Bund

Octopus Deploy: Vulnerability allows information disclosure

CVSS 2.3 LOW

Risk Summary

In affected versions of Octopus Server, it was possible to create a new API key from an existing access token, resulting in the new API key having a lifetime exceeding that of the original API key used to mint the access token.

CVEs (1)

Affected Vendors

Octopus Deploy

Affected Products (4)

Octopus Deploy · Octopus Deploy <2025.3.14761
Octopus Deploy · Octopus Deploy 2025.3.14761
Octopus Deploy · Octopus Deploy <2025.4.10409
Octopus Deploy · Octopus Deploy 2025.4.10409
