CVE-2026-8296 MEDIUM

CVE-2026-8296

Vendor Octopus Deploy
Product Octopus Server
Published June 19, 2026
Last update June 19, 2026

CVSS base score

5.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.

Key dates

02Disclosure timeline

June 19, 2026 CVE published