Home / Vulnerability Intelligence / CVE-2026-0704

CVE-2026-0704 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: February 27, 2026

Octopus Deploy - Unrestricted File Deletion

Published: February 25, 2026Updated: February 27, 2026Remote Exploitable

Overview

Octopus Deploy contains an unrestricted file deletion vulnerability caused by lack of validation in an API endpoint, letting attackers remove files or file contents on the host, exploit requires API access.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Attackers can delete or modify files on the host, potentially disrupting operations or causing data loss.

Mitigation

Update to the latest version of Octopus Deploy.

References

https://advisories.octopus.com/post/2026/sa2026-01

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-0704
Severity: Critical
CVSS Score: 9.1
Type: undefined
Status: confirmed

CWE

NVD-CWE-noinfo

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H