CVE-2026-4881

6MEDIUM

Key Information:

Vendor: Octopus Deploy
Status: Octopus Server
Vendor: CVE Published:; 4 June 2026

🔔 Create Octopus Deploy Vulnerability Alert

What is CVE-2026-4881?

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error.

Affected Version(s)

Octopus Server Windows 2023.0.0 < 2025.4.10523

Octopus Server Windows 2025.4.0 < 2025.4.10545

Octopus Server Windows 2026.1.0 < 2026.1.11313

References

https://advisories.octopus.com/post/2026/sa2026-04

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
Mar 26, 2026

Credit

This vulnerability was found by MononcleMich

CVE-2026-4881 Data

JSON