octoprint — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting octoprint. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OctoPrint is an open-source host application for 3D printers that enables remote monitoring and control through a web interface. Its architecture, which bridges local hardware with network-accessible software, has historically exposed it to significant security risks. The advisory record shows twenty Common Vulnerabilities and Exposures (CVEs), predominantly remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from inadequate input validation and improper authentication mechanisms in the web server components. While no single catastrophic incident has defined its history, the cumulative effect of these vulnerabilities highlights the danger of exposing embedded systems directly to networks without robust security hardening. The project’s reliance on community contributions has occasionally led to delayed patches, emphasizing the need for rigorous code review and secure configuration practices to mitigate the inherent risks of managing critical manufacturing infrastructure through internet-connected interfaces.

Top products by octoprint: OctoPrint (octoprint/octoprint)

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-23892 | OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication | OctoPrint | CWE-208 | 5.9 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2025-64187 | OctoPrint is vulnerable to XSS through Action Command Notifications and Prompts | OctoPrint | CWE-80 | 6.1 | - | 2025-11-07 |
| CVE-2025-58180 | OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload | OctoPrint | CWE-78 | 8.8 (AI) | High (AI) | 2025-09-09 |
| CVE-2025-48879 | OctoPrint Vulnerable to Denial of Service through malformed HTTP request | OctoPrint | CWE-140 | 6.5 | Medium | 2025-06-10 |
| CVE-2025-48067 | OctoPrint vulnerable to possible file extraction via upload endpoints | OctoPrint | CWE-73 | 5.4 | Medium | 2025-06-10 |
| CVE-2025-32788 | OctoPrint Authenticated Reverse Proxy Page Authentication Bypass | OctoPrint | CWE-290 | 4.3 | Medium | 2025-04-22 |
| CVE-2024-49377 | Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint | OctoPrint | CWE-79 | 5.5 | Medium | 2024-11-05 |
| CVE-2024-51493 | API key access in settings without reauthentication in OctoPrint | OctoPrint | CWE-620 | 5.3 | Medium | 2024-11-05 |
| CVE-2024-32977 | OctoPrint Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled | OctoPrint | CWE-290 | 7.1 | High | 2024-05-14 |
| CVE-2024-28237 | OctoPrint XSS via the "Snapshot Test" feature in Classic Webcam plugin settings | OctoPrint | CWE-79 | 4.0 | Medium | 2024-03-18 |
| CVE-2024-23637 | OctoPrint Unverified Password Change via Access Control Settings | OctoPrint | CWE-287 | 4.2 | Medium | 2024-01-31 |
| CVE-2023-41047 | Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint | OctoPrint | CWE-1336 | 6.2 | Medium | 2023-10-09 |
| CVE-2022-3607 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint | octoprint/octoprint | CWE-75 | 6.9 | - | 2022-10-19 |
| CVE-2022-3068 | Improper Privilege Management in octoprint/octoprint | octoprint/octoprint | CWE-269 | 7.8 | - | 2022-09-21 |
| CVE-2022-2888 | Insufficient Session Expiration in octoprint/octoprint | octoprint/octoprint | CWE-613 | 4.4 | - | 2022-09-21 |
| CVE-2022-2872 | Unrestricted Upload of File with Dangerous Type in octoprint/octoprint | octoprint/octoprint | CWE-434 | 9.1 | - | 2022-09-21 |
| CVE-2022-2930 | Unverified Password Change in octoprint/octoprint | octoprint/octoprint | CWE-620 | 7.1 | - | 2022-08-22 |
| CVE-2022-2822 | Authentication Bypass by Primary Weakness in octoprint/octoprint | octoprint/octoprint | CWE-307 | 9.1 | - | 2022-08-15 |
| CVE-2022-1432 | Cross-site Scripting (XSS) - Generic in octoprint/octoprint | octoprint/octoprint | CWE-79 | 5.4 | - | 2022-05-18 |
| CVE-2022-1430 | Cross-site Scripting (XSS) - DOM in octoprint/octoprint | octoprint/octoprint | CWE-79 | 4.8 | - | 2022-05-18 |

"(AI)" marks a CVSS score or severity that the page labels as AI-generated; "-" means no severity is listed.

This page lists every published CVE security advisory associated with octoprint. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.