CVE-2026-22819

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5...

CVE-2026-22820

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

Race Condition within a Thread

Overview outray is an OutRay CLI - Expose your local server to the internet Affected versions of this package are vulnerable to Race Condition within a Thread due to the lack of transaction locking mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. An attacker can obtain mor...

CVE-2026-22819

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5...

CVE-2026-22819 Outray has a Race Condition in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5...

CVE-2026-22819

CVE-2026-22819 affects the Outray open-source ngrok-like tool. The race condition occurs in the subdomain allocation path (main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts) where existingSubdomains is read without proper transaction locking, then a window exists before INSERT during conc...

EUVD-2026-2016

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5...

CVE-2026-22819 Outray has a Race Condition in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5...

CVE-2026-22819

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5...

CVE-2026-22820

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

CVE-2026-22820 Outray cli is vulnerable to race conditions in tunnels creation

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

CVE-2026-22820

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

CVE-2026-22820

CVE-2026-22820 affects the Outray open-source CLI (an ngrok-like tool). The vulnerability is a TOCTOU race condition in tunnel creation that can allow a user to bypass the plan’s active-tunnels limit, potentially creating more tunnels than allowed. The issue occurs during registration: the code c...

EUVD-2026-2015

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

CVE-2026-22820 Outray cli is vulnerable to race conditions in tunnels creation

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

CVE-2026-22820 Outray cli is vulnerable to race conditions in tunnels creation

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

Outray 安全漏洞

Outray is a local server building tool from OutRay open source. A security vulnerability exists in Outray versions prior to 0.1.5, which stems from a missing database transaction locking mechanism that could lead to free plan users acquiring more subdomains than expected...

Outray 安全漏洞

Outray is a local server building tool from OutRay open source. A security vulnerability exists in Outray versions prior to 0.1.5 that stems from a TOCTOU competitive condition that could cause users to exceed the number of active tunnels set by their subscription plan...

Outray has a Race Condition in the cli's webapp

Summary This vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in https://github.com/akinloluwami/outray/blob/main/apps/web/src/routes/api/%24orgSlug/subdomains/index.ts Details - The affected code-: ts //Race...

PT-2026-2846

Name of the Vulnerable Software and Affected Versions Outray versions prior to 0.1.5 Description A TOCTOU Time-of-Check-to-Time-of-Use race condition exists that allows a user to exceed the set number of active tunnels in their subscription plan. The issue is related to the handling of tunnel...