A vulnerability identified as critical has been detected in Octopus Deploy Octopus Server up to 2025.3.14730/2025.4.10358/2026.1.5570 . This affects an unknown part of the component API Endpoint . The manipulation leads to permission issues. This vulnerability is listed as CVE-2026-3237 . The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.