Lucene search
K

316 matches found

OSV
OSV
added 2026/06/23 6:3 p.m.2 views

GHSA-J4H9-PM27-4RFW OctoPrint has possible file exfiltration via query parameters on upload endpoints

Impact OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be...

7CVSS5.9AI score
Exploits0References2
Packet Storm
Packet Storm
added 2026/02/05 12:0 a.m.195 views

📄 OctoPrint 1.11.2 Remote Code Execution

OctoPrint versions 1.11.2 and below suffer from a remote code execution vulnerability via a malformed filename being used in an authenticated file upload. Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org...

8.8CVSS6.3AI score0.19313EPSS
Exploits4
Exploit DB
Exploit DB
added 2026/02/04 12:0 a.m.206 views

OctoPrint 1.11.2 - File Upload

Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org Software Link: https://github.com/OctoPrint/OctoPrint Affected Versions: = 1.11.2 Patched Versions: 1.11.3 CVE: CVE-2025-58180 CVSS per advisory: 7.5 Platform:...

8.8CVSS5.2AI score0.19313EPSS
Exploits4
Veracode
Veracode
added 2026/01/29 12:44 p.m.7 views

Timing Attack

OctoPrint is vulnerable to Timing Attack. The vulnerability is due to character-by-character API key comparison with early termination, which allows a network-based attacker to infer valid API keys by measuring response times and guessing the key one character at a time...

6CVSS5.9AI score0.00475EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/28 9:17 p.m.6 views

CVE-2026-23892

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

6CVSS5.9AI score0.00475EPSS
Exploits0References1
NVD
NVD
added 2026/01/27 7:16 p.m.12 views

CVE-2026-23892

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

6CVSS0.00475EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/27 6:35 p.m.21 views

CVE-2026-23892 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

6CVSS0.00475EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/27 6:35 p.m.7 views

EUVD-2026-4775

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

6CVSS5.9AI score0.00475EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/27 6:35 p.m.4 views

CVE-2026-23892 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

6CVSS5.9AI score0.00475EPSS
Exploits0References3
CVE
CVE
added 2026/01/27 6:35 p.m.20 views

CVE-2026-23892

OctoPrint (web interface for controlling consumer 3D printers) is affected in versions up to and including 1.11.5 by a timing side‑channel vulnerability in API key authentication. The root cause is a character‑by‑character comparison that short‑circuits on the first mismatched character, rather t...

6CVSS5.9AI score0.00475EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/27 6:35 p.m.6 views

CVE-2026-23892 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

6CVSS5.9AI score0.00475EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:35 p.m.6 views

CVE-2026-23892

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

6CVSS5.9AI score0.00475EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 6:33 p.m.21 views

OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

Impact OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a...

6CVSS5.8AI score0.00475EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/27 6:33 p.m.4 views

GHSA-XG4X-W2J3-57H6 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

Impact OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a...

6CVSS5.8AI score0.00475EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/27 6:33 p.m.6 views

Timing Attack

Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to Timing Attack via the API key authentication function. An attacker can extract valid API keys by measuring response times and inferring key values character by character over the...

8.2CVSS5.9AI score0.00475EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.11 views

PT-2026-5007

Name of the Vulnerable Software and Affected Versions OctoPrint versions up to and including 1.11.5 Description OctoPrint, a web interface for controlling 3D printers, is affected by a timing attack that could allow an attacker with network access to extract API keys. The issue stems from the use...

6CVSS5.2AI score0.00475EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.23 views

OctoPrint security vulnerabilities

OctoPrint is an open-source application developed by OctoPrint. It provides a quick web interface for controlling consumer-grade 3D printers. Versions of OctoPrint prior to 1.11.5 have security vulnerabilities. These vulnerabilities stem from the use of character-based comparisons in API key...

6CVSS5.8AI score0.00475EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/08 7:41 a.m.16 views

CVE-2025-64187

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...

4.6CVSS6.9AI score0.0015EPSS
Exploits0References1
NVD
NVD
added 2025/11/07 4:15 a.m.6 views

CVE-2025-64187

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...

4.6CVSS0.0015EPSS
Exploits0References2
OSV
OSV
added 2025/11/07 3:11 a.m.7 views

CVE-2025-64187 OctoPrint is vulnerable to XSS through Action Command Notifications and Prompts

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...

4.6CVSS6.9AI score0.0015EPSS
Exploits0References4
Rows per page
Query Builder