CVE-2026-22819

Exploit

EPSS 0.04%
Veröffentlicht 14.01.2026 18:04:33
Zuletzt bearbeitet 20.01.2026 14:56:26
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Outray ≫ Outray SwPlatformnode.js Version < 0.1.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.104

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com	5.9	1.6	4.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-366 Race Condition within a Thread

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g

Vendor Advisory

Exploit

https://github.com/outray-tunnel/outray/commit/73e8a09575754fb4c395438680454b2ec064d1d6

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-22819

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22819

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22819

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-22819