Let me be more clear about the vulnerability. Open your web browser and go to whatever local IP address your OctoPrint server is running at. If you are logged into the OctoPrint page, log out of it. Notice how you can still download the gcode files even after you log out? That means that anyone with access to that page can download your gcode files and gain access to your API key. Then, once they have access to your API key, they can do virtually anything within OctoPrint.
