In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.
Published: 2026-02-25
CVSS: 9.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Download Exploit for CVE-2026-0704 here:
Use Tor Browser to access .onion site.
https://sonitex.com/exploit-515-cve-2026-27384/
https://sonitex.com/exploit-26-cve-2025-69308/