CNNVD-202601-2403 Information

CNNVD ID

CNNVD-202601-2403

Related CVE

CVE-2026-22820

• CNNVD Published: 2026-01-14

Description (Chinese)

Outray是OutRay开源的一个本地服务器搭建工具。 Outray 0.1.5之前版本存在安全漏洞，该漏洞源于TOCTOU竞争条件，可能导致用户超出订阅计划设置的活跃隧道数量。

Description (English)

Outray is a local server set-up tool for OutRay open source. There was a security loophole in the pre-Outray 0.1.5 version, which stemmed from the terms of the TOCTOU competition and could result in users exceeding the number of active tunnels set up by the subscription plan.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OutRay

Published

2026-01-14

Last Modified

2026-02-24

References

https://github.com/outray-tunnel/outray/commit/08c61495761349e7fd2965229c3faa8d7b1c1581 https://github.com/outray-tunnel/outray/security/advisories/GHSA-3pqc-836w-jgr7 https://access.redhat.com/security/cve/cve-2026-22820

Patch

https://github.com/outray-tunnel/outray/releases