CVSS
No CVSS.
I
n affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.
References
| Link | Resource |
|---|---|
| https://advisories.octopus.com/post/2026/sa2026-02 |
Configurations
No configuration.
History
05 Mar 2026, 11:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-05 11:15
Updated : 2026-03-05 19:38
NVD link : CVE-2026-3236
Mitre link : CVE-2026-3236
CVE.ORG link : CVE-2026-3236
JSON object : View
Products Affected
No product.
CWE
CWE-863
Incorrect Authorization