Octopus Deploy File Modification and Deletion Vulnerability via Unvalidated API Endpoint

Vulnerability

A vulnerability in Octopus Deploy's API allows for file deletion or modification on the host. This issue arises from a lack of proper validation in the API endpoint, which could be exploited to bypass intended workflows. The vulnerability affects Octopus Server versions 2023.x, 2024.x, 2025.1.x, 2025.2.x, and 2025.3.x prior to 2025.3.14715.

Impact

Exploitation of this vulnerability could lead to unauthorized file deletion or modification on the host system.

Remediation

Users are advised to upgrade to Octopus Server version 2025.4.10446 or, if on version 2025.3.x, to upgrade to version 2025.3.14715. For those on the 2025.4.x version, upgrade to 2025.4.10359 or greater.
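The version ranges above can be turned into an inventory check. The following is an added example, not code from Octopus Deploy or from this advisory. It assumes version strings of the form year.minor.build, and it treats 2025.4.x builds below 2025.4.10359 as needing an upgrade, based on the remediation text. The host names and sample versions are constructed.

```python
import re

# Values below come from the advisory text; nothing else is assumed about
# Octopus Server release numbering.
FIXED_BUILD = {(2025, 3): 14715, (2025, 4): 10359}   # first fixed build per line
AFFECTED_YEARS = {2023, 2024}                         # "2023.x, 2024.x"
AFFECTED_LINES = {(2025, 1), (2025, 2)}               # no fixed build named

# Assumed format: year.minor.build with an optional suffix after -, + or .
_VERSION = re.compile(r"^v?(\d{4})\.(\d+)\.(\d+)(?:[-+.].*)?$")


def parse_version(text):
    """Return (year, minor, build), or None if the string does not match."""
    m = _VERSION.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(version_text):
    """Classify one reported server version against the advisory's ranges."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unparseable"
    year, minor, build = parsed
    line = (year, minor)
    if line in FIXED_BUILD:
        fixed = FIXED_BUILD[line]
        if build >= fixed:
            return "fixed"
        return f"upgrade to {year}.{minor}.{fixed} or later"
    if year in AFFECTED_YEARS or line in AFFECTED_LINES:
        return "affected, no fix on this line: move to a fixed release"
    return "not covered by advisory"


def triage_inventory(inventory):
    """Map host -> verdict for hosts that need action or manual review."""
    verdicts = {host: triage(ver) for host, ver in inventory.items()}
    return {h: v for h, v in verdicts.items() if v != "fixed"}


# Constructed inventory (host names and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "octo-prod": "2025.3.14200", "octo-dr": "2025.3.14715",
    "octo-lab": "2024.2.9313", "octo-new": "2025.4.10446",
    "octo-stage": "2025.4.10001", "octo-old": "unknown",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host}: {verdict}")
```

Versions that return "unparseable" or "not covered by advisory" need manual review, since the advisory says nothing about release lines outside those it lists.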

Added: Feb 25, 2026, 1:18 PM
Updated: Feb 25, 2026, 8:23 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 0.8
exploitability: 7.4
remediation: 7.7
relevance: 3.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.