CVE Vulnerabilities

CVE-2026-22820

Time-of-check Time-of-use (TOCTOU) Race Condition

Published: Jan 14, 2026 | Modified: Jan 20, 2026
CVSS 3.x
3.7
LOW
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.

Weakness

The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.

Affected Software

NameVendorStart VersionEnd Version
OutrayOutray*0.1.5 (excluding)

Potential Mitigations

References