CVE-2026-3236

Vulnerability Description

In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.

Vulnerability Details

Published Date

March 05, 2026

Last Modified

March 05, 2026

CWE ID

CWE-863

Source

NVD

External References

https://advisories.octopus.com/post/2026/sa2026-02

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment