PT-2026-25874 · Octopus Deploy · Octopus Server

Raihanadiarba · Published 2026-03-17 · Updated 2026-03-17 · CVE-2026-3237

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Octopus Server (affected versions not specified)

Description

A user with limited privileges could manipulate an API request to modify the signing key expiration and revocation time frames. This was possible due to incorrect permission validation on the API endpoint that allowed modification of signing key settings. It was not possible to expose the signing keys using this issue.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authorization

Related Identifiers

CVE-2026-3237

Affected Products

Octopus Server