CVE-2026-22820

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.

Published Jan 16, 2026

https://github.com/advisories/GHSA-3pqc-836w-jgr7

CVSS ScoreLow

3.7

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2026-22820

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.

Published Jan 16, 2026

https://github.com/advisories/GHSA-3pqc-836w-jgr7

CVSS ScoreLow

3.7


npm	outray	0.0.1
npm	outray	0.0.2
npm	outray	0.0.3
npm	outray	0.0.6
npm	outray	0.0.7
npm	outray	0.0.8
npm	outray	0.0.9
npm	outray	0.1.0
npm	outray	0.1.1
npm	outray	0.1.2
npm	outray	0.1.3
npm	outray	0.1.4

Ecosystem	Package	Version


npm	outray	0.0.1
npm	outray	0.0.2
npm	outray	0.0.3
npm	outray	0.0.6
npm	outray	0.0.7
npm	outray	0.0.8
npm	outray	0.0.9
npm	outray	0.1.0
npm	outray	0.1.1
npm	outray	0.1.2
npm	outray	0.1.3
npm	outray	0.1.4

Find vulnerabilities. Fix fast with AI.

CVE-2026-22820

CVE-2026-22820