CNNVD-202601-4469 Information

CNNVD ID

CNNVD-202601-4469

CVE-2026-23892

  • CNNVD Published: 2026-01-27

Description

OctoPrint is an application from the open-source OctoPrint project. It provides a fast web interface for controlling consumer 3D printers. OctoPrint 1.11.5 and earlier versions contain a security vulnerability: API key validation uses a character-based comparison, which may allow a timing attack over the network to extract the API key.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

OctoPrint

Published

2026-01-27

Last Modified

2026-02-24

References

  • https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6
  • https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xg4x-w2j3-57h6
  • https://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0fb5d01a8c
  • https://access.redhat.com/security/cve/cve-2026-23892

Patch

https://octoprint.org/download/
