OctoPrint — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in OctoPrint, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-23892	OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication CWE-208	5.9^AI	Medium^AI	2026-01-27
CVE-2025-64187	OctoPrint is vulnerable to XSS through Action Command Notifications and Prompts CWE-80	6.1	-	2025-11-07
CVE-2025-58180	OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload CWE-78	8.8^AI	High^AI	2025-09-09
CVE-2025-48879	OctoPrint Vulnerable to Denial of Service through malformed HTTP request CWE-140	6.5	Medium	2025-06-10
CVE-2025-48067	OctoPrint vulnerable to possible file extraction via upload endpoints CWE-73	5.4	Medium	2025-06-10
CVE-2025-32788	OctoPrint Authenticated Reverse Proxy Page Authentication Bypass CWE-290	4.3	Medium	2025-04-22
CVE-2024-49377	Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint CWE-79	5.5	Medium	2024-11-05
CVE-2024-51493	API key access in settings without reauthentication in OctoPrint CWE-620	5.3	Medium	2024-11-05
CVE-2024-32977	OctoPrint Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled CWE-290	7.1	High	2024-05-14
CVE-2024-28237	OctoPrint XSS via the "Snapshot Test" feature in Classic Webcam plugin settings CWE-79	4.0	Medium	2024-03-18
CVE-2024-23637	OctoPrint Unverified Password Change via Access Control Settings CWE-287	4.2	Medium	2024-01-31
CVE-2023-41047	Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint CWE-1336	6.2	Medium	2023-10-09

All 12 known CVE vulnerabilities affecting OctoPrint with full Chinese analysis, references, and POCs where available.