CVE-2026-0704

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.

Vendor	octopus deploy
Product	octopus server
Published	Feb 25, 2026
Last Updated	Feb 27, 2026

Stay Ahead of the Next One

Get instant alerts for octopus deploy octopus server

Be the first to know when new unknown vulnerabilities affecting octopus deploy octopus server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Octopus Deploy / Octopus Server

2023.0.0 < 2025.3.14715 2025.4.0 < 2025.4.10359

References

NVD ↗ CVE.org ↗ EPSS Data ↗

advisories.octopus.com: https://advisories.octopus.com/post/2026/sa2026-01

Credits

This vulnerability was found by oub3ll4