Summary
Details
OctoPrint's web application is implemented in Flask, but uploads are first intercepted by a custom upload handler built on Tornado that sits in front of it. The handler streams the upload to a temporary file on disk - so files larger than the available memory can be uploaded - and rewrites the request, adding internal form fields that tell Flask where to find that temporary file.
These fields are reserved and meant to be set only by the upload handler, never by the client. The previous fix from GHSA-m9jh-jf9h-x3h2/CVE-2025-48067 stripped them from the request received from the client when they were sent as multipart form fields, yet they could still reach Flask through other channels: as plain query parameters, or - since the Tornado handler and Flask did not parse requests identically - smuggled in via several "parser differentials" that looked harmless to the handler while Flask still saw the injected fields. Any of these let an attacker make OctoPrint treat an arbitrary file on the host as a freshly uploaded one and move it into the upload folder.
The following endpoints in OctoPrint are affected:
- /api/files/{local|sdcard}
- /api/languages
- /plugin/backup/restore
- /plugin/pluginmanager/upload_file
Further upload endpoints in third party plugins might be affected too.
The fix rejects requests carrying any of the reserved fields, aligns the Tornado handler's request parsing with Flask's (Werkzeug) to avoid any differential parsing, and re-validates the request rewritten by Tornado before forwarding it to Flask.
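As an added defensive example (not OctoPrint's own code), the following Python mirrors the two measures the fix describes: a single canonical check that looks for reserved fields in every channel a client controls (query string and multipart form fields), and a re-validation of the path the handler itself injects before the request is forwarded. The reserved suffixes, the temporary directory and the sample request are assumptions constructed for illustration.

```python
import os
from email.parser import BytesParser
from email.utils import collapse_rfc2231_value
from urllib.parse import parse_qsl

# Assumed reserved suffixes for illustration; the handler's real field
# names are not given in the advisory.
RESERVED_SUFFIXES = (".path", ".name", ".content_type", ".size")


def canonical(name: str) -> str:
    """One normalisation applied to every channel, so the front handler and
    the application behind it cannot disagree about what a field is called.
    It errs toward rejection: whitespace and case differences are collapsed."""
    return name.strip().lower()


def is_reserved(name: str) -> bool:
    return any(name.endswith(s) for s in RESERVED_SUFFIXES)


def reserved_fields(query_string: str, body: bytes, content_type: str) -> set:
    """Return every reserved field name the client sent, whether as a query
    parameter or as a multipart form field. A non-empty result means reject."""
    names = [canonical(k) for k, _ in parse_qsl(query_string, keep_blank_values=True)]
    if content_type.lower().startswith("multipart/form-data"):
        # Re-use the stdlib MIME parser by prepending the Content-Type header.
        raw = b"Content-Type: " + content_type.encode("latin-1") + b"\r\n\r\n" + body
        for part in BytesParser().parsebytes(raw).walk():
            field = part.get_param("name", header="content-disposition")
            if field:
                names.append(canonical(collapse_rfc2231_value(field)))
    return {n for n in names if is_reserved(n)}


def injected_path_ok(path: str, temp_dir: str) -> bool:
    """Re-validate a path the upload handler itself injected: it must resolve
    to a location strictly inside the handler's own temporary directory
    (assumed policy for this example, not the project's documented one)."""
    root = os.path.realpath(temp_dir)
    real = os.path.realpath(path)
    return real != root and os.path.commonpath([real, root]) == root


if __name__ == "__main__":
    # Constructed request: a legitimate file part plus a smuggled reserved field.
    body = (b"--b\r\nContent-Disposition: form-data; name=\"file\"; filename=\"a.gcode\"\r\n"
            b"\r\nG28\r\n--b\r\nContent-Disposition: form-data; name=\"file.path\"\r\n"
            b"\r\n/constructed/not/an/upload\r\n--b--\r\n")
    print(reserved_fields("", body, "multipart/form-data; boundary=b"))  # {'file.path'}
```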
Credits
This vulnerability was discovered and responsibly disclosed to OctoPrint by Koh Jun Sheng and Jacopo Tediosi.
Timeline
2026-06-04: Report received
2026-06-04: Report acknowledged
2026-06-08: Report verified
2026-06-17: Fix ready for 1.11.x
2026-06-22: Fix ported to 2.0.0
2026-06-23: Fix released with 1.11.8 and 2.0.0rc3
Impact
OctoPrint versions up to and including 1.11.7, as well as 2.0.0rc1 and 2.0.0rc2, contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder, from where they can then be downloaded. This vulnerability was already reported as GHSA-m9jh-jf9h-x3h2/CVE-2025-48067, but the fix provided in OctoPrint 1.11.2 turned out to be incomplete.
The primary risk lies in the potential exfiltration of secrets stored inside OctoPrint's config, or of further system files. Because the affected file is moved rather than copied, removing important runtime files this way could also impact the availability of the host after an attempted server restart. Since the attacker needs a user account with file upload permissions, the actual impact should hopefully be minimal in most cases.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
The vulnerability has been patched in version 1.11.8 and 2.0.0rc3.
Frequently Asked Questions
- What is CVE-2026-54134? CVE-2026-54134 is a high-severity security vulnerability in OctoPrint (pip), affecting versions <= 1.11.7. It is fixed in 1.11.8, 2.0.0rc3.
- Which versions of OctoPrint are affected by CVE-2026-54134? OctoPrint (pip) versions <= 1.11.7 are affected.
- Is there a fix for CVE-2026-54134? Yes. CVE-2026-54134 is fixed in 1.11.8, 2.0.0rc3. Upgrade to this version or later.
- Is CVE-2026-54134 exploitable, and should I be worried? Whether CVE-2026-54134 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
- What actually determines whether CVE-2026-54134 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2026-54134?
- Upgrade OctoPrint to 1.11.8 or later
- Upgrade OctoPrint to 2.0.0rc3 or later