Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-22819
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Outray has a Race Condition in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts
Source: NVD (National Vulnerability Database)
Vulnerability Description
Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
单线程内的竞争条件
Source: NVD (National Vulnerability Database)
Vulnerability Title
Outray 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Outray是OutRay开源的一个本地服务器搭建工具。 Outray 0.1.5之前版本存在安全漏洞,该漏洞源于数据库事务锁定机制缺失,可能导致免费计划用户获取超出预期的子域名。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
akinloluwamioutray < 0.1.5 -
II. Public POCs for CVE-2026-22819
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2026-22819
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: outray
Same vendor: akinloluwami
Same weakness: CWE-366
V. Comments for CVE-2026-22819
Anonymous User
2026-01-15 06:08:15

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

Leave a comment