OctoPrint 1.11.2 Remote Code Execution
OctoPrint versions 1.11.2 and below suffer from a remote code execution vulnerability via a malformed filename being used in an authenticated file upload.
OctoPrint 1.11.2 - File Upload
Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org Software Link: https://github.com/OctoPrint/OctoPrint Affected Versions: <= 1.11.2 Patched Versions: 1.11.3 CVE: CVE-2025-58180 CVSS per advisory: 7.5 Platform:...
Timing Attack
OctoPrint is vulnerable to a timing attack. The vulnerability is due to character-by-character API key comparison with early termination, which allows a network-based attacker to infer valid API keys by measuring response times and guessing the key one character at a time...
CVE-2026-23892
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...
CVE-2026-23892 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...
EUVD-2026-4775
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...
CVE-2026-23892
OctoPrint (web interface for controlling consumer 3D printers) is affected in versions up to and including 1.11.5 by a timing side-channel vulnerability in API key authentication. The root cause is a character-by-character comparison that short-circuits on the first mismatched character, rather t...
Timing Attack
Overview: OctoPrint is a snappy web interface for your 3D printer. Affected versions of this package are vulnerable to a timing attack via the API key authentication function. An attacker can extract valid API keys by measuring response times and inferring key values character by character over the...
OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
Impact: OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character-based comparison that short-circuits on the first mismatched character during API key validation, rather than a...
GHSA-XG4X-W2J3-57H6 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
Impact: OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character-based comparison that short-circuits on the first mismatched character during API key validation, rather than a...
OctoPrint security vulnerabilities
OctoPrint is an open-source application developed by OctoPrint. It provides a quick web interface for controlling consumer-grade 3D printers. Versions of OctoPrint prior to 1.11.5 have security vulnerabilities. These vulnerabilities stem from the use of character-based comparisons in API key...
PT-2026-5007
Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.11.5. Description: OctoPrint, a web interface for controlling 3D printers, is affected by a timing attack that could allow an attacker with network access to extract API keys. The issue stems from the use...
CVE-2025-64187
OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...
CVE-2025-64187
OctoPrint versions 1.11.3 and earlier are vulnerable to XSS through Action Command notifications and prompts. A crafted file can inject arbitrary HTML/JavaScript into printer popups and notifications, potentially disrupting prints or exposing sensitive information if the user has permission. The ...
CVE-2025-64187 OctoPrint is vulnerable to XSS through Action Command Notifications and Prompts
OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...