๐Ÿ” CVE Alert

CVE-2026-8296

UNKNOWN 0.0
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.

Vendor octopus deploy
Product octopus server
Published Jun 19, 2026
Stay Ahead of the Next One

Get instant alerts for octopus deploy octopus server

Be the first to know when new unknown vulnerabilities affecting octopus deploy octopus server are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Octopus Deploy / Octopus Server
2023.0.0 < 2025.4.10678 2026.1.0 < 2026.1.11451 2026.2.0 < 2026.2.13114

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
advisories.octopus.com: https://advisories.octopus.com/post/2026/sa2026-05

Credits

This vulnerability was found by asotyc