Skip to main content

Outray

2 CVEs product

Monthly

CVE-2026-22819 npm MEDIUM POC PATCH This Month

Outray versions prior to 0.1.5 lack database transaction locking in the subdomain creation API endpoint, allowing authenticated users to bypass rate limits and provision more subdomains than permitted by their service tier. Public exploit code exists for this vulnerability, which affects the quota enforcement mechanism for free plan users. Upgrade to version 0.1.5 or later to remediate.

Information Disclosure Outray
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-22820 npm LOW POC PATCH Monitor

Outray versions up to 0.1.5 contains a vulnerability that allows attackers to exceed the set number of active tunnels in their subscription plan (CVSS 3.7).

Race Condition Outray
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Outray versions prior to 0.1.5 lack database transaction locking in the subdomain creation API endpoint, allowing authenticated users to bypass rate limits and provision more subdomains than permitted by their service tier. Public exploit code exists for this vulnerability, which affects the quota enforcement mechanism for free plan users. Upgrade to version 0.1.5 or later to remediate.

Information Disclosure Outray
NVD GitHub
EPSS 0% CVSS 3.7
LOW POC PATCH Monitor

Outray versions up to 0.1.5 contains a vulnerability that allows attackers to exceed the set number of active tunnels in their subscription plan (CVSS 3.7).

Race Condition Outray
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy