Vulnerability DatabaseCVE-2026-22819
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-22819
January 14, 2026
Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.
Affected Packages
outray (NPM):
Affected version(s) >=0.0.1 <0.1.5
Fix Suggestion:
Update to version 0.1.5
Related ResourcesĀ (6)
https://github.com/outray-tunnel/outray/commit/73e8a09575754fb4c395438680454b2ec064d1d6
https://github.com/akinloluwami/outray/security/advisories/GHSA-45hj-9x76-wp9g
https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g
https://github.com/akinloluwami/outray
https://nvd.nist.gov/vuln/detail/CVE-2026-22819
https://github.com/outray-tunnel/outray/commit/08c61495761349e7fd2965229c3faa8d7b1c1581
Do you need more information?
Contact Us
CVSS v4
Base Score:
6
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
HIGH
Weakness Type (CWE)
Race Condition within a Thread
CWE-366
EPSS
Base Score:
0.04