Outray
CVE-2026-22819
MEDIUM
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.
AnalysisAI
Outray versions prior to 0.1.5 lack database transaction locking in the subdomain creation API endpoint, allowing authenticated users to bypass rate limits and provision more subdomains than permitted by their service tier. Public exploit code exists for this vulnerability, which affects the quota enforcement mechanism for free plan users. Upgrade to version 0.1.5 or later to remediate.
Technical ContextAI
Affects Outray. Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.
RemediationAI
A vendor patch is available — apply it immediately. Fixed in version 0.1.5.. Restrict network access to the affected service where possible.
Same weakness CWE-366 – Race Condition within a Thread
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-45hj-9x76-wp9g