Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/octoprint@1.11.1
Type pypi
Namespace
Name octoprint
Version 1.11.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.11.6
Latest_non_vulnerable_version 1.11.6
Affected_by_vulnerabilities
0
url VCID-dzbe-gru3-ukdn
vulnerability_id VCID-dzbe-gru3-ukdn
summary
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken `multipart/form-data` request to OctoPrint and through that make the web server component become unresponsive. This could be used to effectively run a denial of service attack on the OctoPrint server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48879
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14342
published_at 2026-06-08T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14365
published_at 2026-06-09T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14462
published_at 2026-06-06T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.14459
published_at 2026-06-05T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.14423
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48879
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:57:28Z/
url https://github.com/OctoPrint/OctoPrint/commit/c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48879
reference_id CVE-2025-48879
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48879
4
reference_url https://github.com/advisories/GHSA-9wj4-8h85-pgrw
reference_id GHSA-9wj4-8h85-pgrw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9wj4-8h85-pgrw
5
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-9wj4-8h85-pgrw
reference_id GHSA-9wj4-8h85-pgrw
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:57:28Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-9wj4-8h85-pgrw
fixed_packages
0
url pkg:pypi/octoprint@1.11.2
purl pkg:pypi/octoprint@1.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tbb9-a1vr-g3ct
1
vulnerability VCID-tpea-28hk-wkas
2
vulnerability VCID-xjzu-4qfa-z7e8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.2
aliases CVE-2025-48879, GHSA-9wj4-8h85-pgrw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzbe-gru3-ukdn
1
url VCID-s4s7-jh3k-k7g7
vulnerability_id VCID-s4s7-jh3k-k7g7
summary
OctoPrint vulnerable to possible file extraction via upload endpoints
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the `FILE_UPLOAD` permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder, from where they can then be downloaded.

The primary risk lies in the potential exfiltration of secrets stored inside OctoPrint's config, or further system files. By removing important runtime files, this could also be used to impact the availability of the host. Given that the attacker requires a user account with file upload permissions, the actual impact of this should however hopefully be minimal in most cases.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48067
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27445
published_at 2026-06-08T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.27452
published_at 2026-06-09T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.27533
published_at 2026-06-06T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.27584
published_at 2026-06-05T12:55:00Z
4
value 0.00102
scoring_system epss
scoring_elements 0.27495
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48067
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:36:28Z/
url https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48067
reference_id CVE-2025-48067
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48067
4
reference_url https://github.com/advisories/GHSA-m9jh-jf9h-x3h2
reference_id GHSA-m9jh-jf9h-x3h2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9jh-jf9h-x3h2
5
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2
reference_id GHSA-m9jh-jf9h-x3h2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:36:28Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2
fixed_packages
0
url pkg:pypi/octoprint@1.11.2
purl pkg:pypi/octoprint@1.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tbb9-a1vr-g3ct
1
vulnerability VCID-tpea-28hk-wkas
2
vulnerability VCID-xjzu-4qfa-z7e8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.2
aliases CVE-2025-48067, GHSA-m9jh-jf9h-x3h2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4s7-jh3k-k7g7
2
url VCID-tbb9-a1vr-g3ct
vulnerability_id VCID-tbb9-a1vr-g3ct
summary
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an **authenticated** attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler and said event gets triggered.

If no event handlers executing system commands with uploaded filenames as parameters have been configured, this vulnerability does not have an impact.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58180
reference_id
reference_type
scores
0
value 0.02219
scoring_system epss
scoring_elements 0.84813
published_at 2026-06-05T12:55:00Z
1
value 0.02219
scoring_system epss
scoring_elements 0.84816
published_at 2026-06-09T12:55:00Z
2
value 0.02219
scoring_system epss
scoring_elements 0.84801
published_at 2026-06-08T12:55:00Z
3
value 0.02219
scoring_system epss
scoring_elements 0.84812
published_at 2026-06-07T12:55:00Z
4
value 0.02219
scoring_system epss
scoring_elements 0.84818
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58180
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/be4201ef58d9a7c03593252398c16eada90a258b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/
url https://github.com/OctoPrint/OctoPrint/commit/be4201ef58d9a7c03593252398c16eada90a258b
3
reference_url https://github.com/OctoPrint/OctoPrint/commit/c3a940962f4658a8e035a00388781b1cbd768841
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/
url https://github.com/OctoPrint/OctoPrint/commit/c3a940962f4658a8e035a00388781b1cbd768841
4
reference_url https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/
url https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.3
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52476.txt
reference_id CVE-2025-58180
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52476.txt
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58180
reference_id CVE-2025-58180
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58180
7
reference_url https://github.com/advisories/GHSA-49mj-x8jp-qvfc
reference_id GHSA-49mj-x8jp-qvfc
reference_type
scores
url https://github.com/advisories/GHSA-49mj-x8jp-qvfc
8
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-49mj-x8jp-qvfc
reference_id GHSA-49mj-x8jp-qvfc
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-49mj-x8jp-qvfc
fixed_packages
0
url pkg:pypi/octoprint@1.11.3
purl pkg:pypi/octoprint@1.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tpea-28hk-wkas
1
vulnerability VCID-xjzu-4qfa-z7e8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.3
aliases CVE-2025-58180, GHSA-49mj-x8jp-qvfc
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbb9-a1vr-g3ct
3
url VCID-tpea-28hk-wkas
vulnerability_id VCID-tpea-28hk-wkas
summary
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
OctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer.

An attacker who successfully convinces a victim to print a specially crafted file could exploit this issue to disrupt ongoing prints, extract information (including sensitive configuration settings, if the targeted user has the necessary permissions for that), or perform other actions on behalf of the targeted user within the OctoPrint instance.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64187
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05141
published_at 2026-06-07T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.05146
published_at 2026-06-09T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.05103
published_at 2026-06-08T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.05147
published_at 2026-06-06T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.05161
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64187
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/9112e07b1085f4c1ee9eefc67985809251057a44
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:58:58Z/
url https://github.com/OctoPrint/OctoPrint/commit/9112e07b1085f4c1ee9eefc67985809251057a44
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64187
reference_id CVE-2025-64187
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64187
4
reference_url https://github.com/advisories/GHSA-crvm-xjhm-9h29
reference_id GHSA-crvm-xjhm-9h29
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crvm-xjhm-9h29
5
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-crvm-xjhm-9h29
reference_id GHSA-crvm-xjhm-9h29
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:58:58Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-crvm-xjhm-9h29
fixed_packages
0
url pkg:pypi/octoprint@1.11.4
purl pkg:pypi/octoprint@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xjzu-4qfa-z7e8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.4
aliases CVE-2025-64187, GHSA-crvm-xjhm-9h29
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpea-28hk-wkas
4
url VCID-xjzu-4qfa-z7e8
vulnerability_id VCID-xjzu-4qfa-z7e8
summary
OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network.

Because API key validation uses a character-based comparison that short-circuits on the first mismatched character, rather than a cryptographic method with constant runtime regardless of the point of mismatch, an attacker with network-based access to an affected OctoPrint instance could extract API keys valid on that instance by measuring the response times of the denied-access responses and guessing an API key character by character.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23892
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03032
published_at 2026-06-09T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03066
published_at 2026-06-08T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03086
published_at 2026-06-07T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03138
published_at 2026-06-06T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03128
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23892
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0fb5d01a8c
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/
url https://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0fb5d01a8c
3
reference_url https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/
url https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23892
reference_id CVE-2026-23892
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23892
5
reference_url https://github.com/advisories/GHSA-xg4x-w2j3-57h6
reference_id GHSA-xg4x-w2j3-57h6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg4x-w2j3-57h6
6
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xg4x-w2j3-57h6
reference_id GHSA-xg4x-w2j3-57h6
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xg4x-w2j3-57h6
fixed_packages
0
url pkg:pypi/octoprint@1.11.6
purl pkg:pypi/octoprint@1.11.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.6
aliases CVE-2026-23892, GHSA-xg4x-w2j3-57h6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xjzu-4qfa-z7e8
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.1