Description

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.

INFO

Published Date :

2026-01-14T15:06:51.127Z

Last Modified :

2026-01-14T15:19:46.837Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22820 vulnerability.

Vendors Products
Outray
  • Outray
Outray-tunnel
  • Outray
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22820.

URL Resource
https://github.com/outray-tunnel/outray/commit/08c61495761349e7fd2965229c3faa8d7b1c1581 cve-icon cve-icon
https://github.com/outray-tunnel/outray/security/advisories/GHSA-3pqc-836w-jgr7 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact