CVE-2026-22820

Published: Jan 14, 2026

Modified: Jan 14, 2026

PUBLISHED

Description

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.

Vendor	Product	Versions
akinloluwami	outray	affected `< 0.1.5`

Weaknesses (CWE)

CWE-367

References

https://github.com/outray-tunnel/outray/security/advisories/GHSA-3pqc-836w-jgr7

x_refsource_CONFIRM

https://github.com/outray-tunnel/outray/commit/08c61495761349e7fd2965229c3faa8d7b1c1581

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-22820

Description

Affected Products

Weaknesses (CWE)

References