octoprint
PyPI: 20 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting octoprint (page 1 of 1)
- CVE-2021-32560 | MEDIUM | CVSS 6.5 | EG 6.5 | Fixed in 1.6.0 | 2021-05-11
  Vulnerable: 1.3.11 ... 1.6.0rc3 (27 versions)
  The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.
- CVE-2021-32561 | MEDIUM | CVSS 6.1 | EG 6.1 | Fixed in 1.6.0 | 2021-05-11
  Vulnerable: 1.3.11 ... 1.6.0rc3 (27 versions)
  OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.
- CVE-2022-1430 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 1.8.0 | 2022-05-18
  Vulnerable: 1.3.11 ... 1.8.0rc5 (41 versions)
  Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.
- CVE-2022-1432 | MEDIUM | CVSS 6.4 | EG 6.4 | Fixed in 1.8.0 | 2022-05-18
  Vulnerable: 1.3.11 ... 1.8.0rc5 (41 versions)
  Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.
- CVE-2022-2822 | HIGH | CVSS 7.5 | EG 3.7 | No fixed version listed | 2022-08-15
  Vulnerable: 1.3.11 ... 1.7.3 (36 versions)
  An attacker can freely brute force username and password and can take over any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
- CVE-2022-2872 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 1.8.3 | 2022-09-21
  Vulnerable: 1.3.11 ... 1.8.2 (44 versions)
  Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.
- CVE-2022-2888 | MEDIUM | CVSS 4.4 | EG 4.4 | Fixed in 1.8.3 | 2022-09-21
  Vulnerable: 1.3.11 ... 1.8.2 (44 versions)
  If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
- CVE-2022-2930 | HIGH | CVSS 7.8 | EG 7.8 | Fixed in 1.8.3 | 2022-08-22
  Vulnerable: 1.3.11 ... 1.8.2 (44 versions)
  Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
- CVE-2022-3068 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.8.3 | 2022-09-21
  Vulnerable: 1.3.11 ... 1.8.2 (44 versions)
  Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
- CVE-2022-3607 | MEDIUM | CVSS 6.0 | EG 6.0 | Fixed in 1.8.3 | 2022-10-19
  Vulnerable: 1.3.11 ... 1.8.2 (44 versions)
  Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.
- CVE-2023-41047 | MEDIUM | CVSS 6.2 | EG 6.2 | Fixed in 1.9.3 | 2023-10-09
  Vulnerable: 1.3.11 ... 1.9.2 (58 versions)
  OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during renderin…
- CVE-2024-23637 | MEDIUM | CVSS 4.2 | EG 4.2 | Fixed in 1.10.0rc1 | 2024-01-31
  Vulnerable: 1.3.11 ... 1.9.3 (59 versions)
  OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repea…
- CVE-2024-28237 | MEDIUM | CVSS 4.0 | EG 4.0 | Fixed in 1.10.0 | 2024-03-18
  Vulnerable: 1.10.0rc1 ... 1.9.3 (63 versions)
  OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into conf…
- CVE-2024-32977 | HIGH | CVSS 7.1 | EG 7.1 | Fixed in 1.10.1 | 2024-05-14
  Vulnerable: 1.10.0 ... 1.9.3 (64 versions)
  OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autol…
- CVE-2024-49377 | MEDIUM | CVSS 5.5 | EG 5.5 | Fixed in 1.10.3 | 2024-11-05
  Vulnerable: 1.10.0 ... 1.9.3 (66 versions)
  OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An…
- CVE-2024-51493 | MEDIUM | CVSS 5.3 | EG 5.3 | Fixed in 1.10.3 | 2024-11-05
  Vulnerable: 1.10.0 ... 1.9.3 (66 versions)
  OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's Octo…
- CVE-2025-32788 | MEDIUM | CVSS 4.3 | EG 4.3 | Fixed in 1.11.0 | 2025-04-22
  Vulnerable: 1.10.0 ... 1.9.3 (74 versions)
  OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of ce…
- CVE-2025-48067 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 1.11.2 | 2025-06-10
  Vulnerable: 1.10.0 ... 1.9.3 (76 versions)
  OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host tha…
- CVE-2025-48879 | MEDIUM | CVSS 6.5 | EG 6.5 | Fixed in 1.11.2 | 2025-06-10
  Vulnerable: 1.10.0 ... 1.9.3 (76 versions)
  OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become u…
- CVE-2026-23892 | MEDIUM | CVSS 5.9 | EG 5.9 | Fixed in 1.11.6 | 2026-01-27
  Vulnerable: 1.10.0 ... 1.9.3 (80 versions)
  OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network. Due to usin…