PatchSiren

Octopus Deploy CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Octopus Deploy CVE published 2026-06-04

CVE-2026-4881

A medium severity vulnerability, CVE-2026-4881, was found in Octopus Server. The issue arises from incorrect permission checks, allowing any authenticated user to make server-level changes using a specific API endpoint, despite receiving an error message. The vulnerability has a CVSS score of 6 and is classified as MEDIUM.