CVE-2026-22819
Medium
Low
Medium
High
Critical
5.9
CVSS Score
Published: Jan 14, 2026
Last Modified: Jan 14, 2026
Vulnerability Description
Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
N
Attack Complexity
H
Privileges Required
L
User Interaction
N
Scope
U
Confidentiality
N
Integrity
L
Availability
H
Severity Details
5.9
out of 10.0
Medium
Key Information
- Published Date
- January 14, 2026
