CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4585 vulnerabilities reference this CWE, most recent first.
CVE-2026-59806 (GCVE-0-2026-59806)
Vulnerability from cvelistv5 – Published: 2026-07-08 19:43 – Updated: 2026-07-09 18:18 X_Open Source| URL | Tags |
|---|---|
| https://github.com/gradio-app/gradio/issues/13593 | technical-descriptionexploit |
| https://github.com/gradio-app/gradio/releases/tag… | release-notes |
| https://github.com/gradio-app/gradio/pull/13596 | issue-tracking |
| https://github.com/gradio-app/gradio/commit/1c5c5… | patch |
| https://www.vulncheck.com/advisories/gradio-open-… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| gradio-app | gradio |
Affected:
0 , < 6.20.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59806",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T18:18:10.196884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T18:18:16.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/gradio-ui",
"product": "gradio",
"repo": "https://github.com/gradio-app/gradio",
"vendor": "gradio-app",
"versions": [
{
"lessThan": "6.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*",
"versionEndExcluding": "6.20.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T19:43:32.730Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Researcher Disclosure",
"tags": [
"technical-description",
"exploit"
],
"url": "https://github.com/gradio-app/gradio/issues/13593"
},
{
"name": "Release Notes",
"tags": [
"release-notes"
],
"url": "https://github.com/gradio-app/gradio/releases/tag/gradio%406.20.0"
},
{
"name": "Fix PR",
"tags": [
"issue-tracking"
],
"url": "https://github.com/gradio-app/gradio/pull/13596"
},
{
"name": "Fix Commit",
"tags": [
"patch"
],
"url": "https://github.com/gradio-app/gradio/commit/1c5c53842df9c2750552d85c19a92e7e732cff3f"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/gradio-open-redirect-and-ssrf-via-gradio-api-file-endpoint"
}
],
"tags": [
"x_open-source"
],
"title": "Gradio \u003c 6.20.0 - Open Redirect and SSRF via /gradio_api/file= endpoint",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-59806",
"datePublished": "2026-07-08T19:43:32.730Z",
"dateReserved": "2026-07-07T14:39:14.062Z",
"dateUpdated": "2026-07-09T18:18:16.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59707 (GCVE-0-2026-59707)
Vulnerability from cvelistv5 – Published: 2026-07-07 20:37 – Updated: 2026-07-14 22:03- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/mudler/LocalAI/issues/10665 | issue-tracking |
| https://github.com/mudler/LocalAI | product |
| https://github.com/mudler/LocalAI/commit/f9b968e1… | patch |
| https://www.vulncheck.com/advisories/localai-serv… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59707",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T16:47:31.794452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T17:10:50.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mudler/LocalAI/issues/10665"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:golang/github.com/mudler/LocalAI",
"product": "LocalAI",
"vendor": "LocalAI",
"versions": [
{
"lessThanOrEqual": "v4.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "George Chen"
}
],
"datePublic": "2026-07-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper validation, enabling attackers to force the server to issue HTTP GET requests to private and loopback ranges with partial response content leaked through error messages."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T22:03:27.911Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Issue",
"tags": [
"issue-tracking"
],
"url": "https://github.com/mudler/LocalAI/issues/10665"
},
{
"name": "Product",
"tags": [
"product"
],
"url": "https://github.com/mudler/LocalAI"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/mudler/LocalAI/commit/f9b968e19d7cbc556d59dceb2e0e450b828a3fda"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/localai-server-side-request-forgery-via-post-models-apply"
}
],
"title": "LocalAI - Server-Side Request Forgery via POST /models/apply",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-59707",
"datePublished": "2026-07-07T20:37:53.194Z",
"dateReserved": "2026-07-06T15:31:46.187Z",
"dateUpdated": "2026-07-14T22:03:27.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59702 (GCVE-0-2026-59702)
Vulnerability from cvelistv5 – Published: 2026-07-08 15:07 – Updated: 2026-07-08 16:18- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/yamadashy/repomix/issues/1703 | issue-tracking |
| https://github.com/yamadashy/repomix | product |
| https://github.com/CrazyForks/repomix/commit/c748… | patch |
| https://www.vulncheck.com/advisories/repomix-serv… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59702",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T16:18:46.452885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T16:18:49.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/yamadashy/repomix/issues/1703"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageURL": "pkg:npm/repomix",
"product": "repomix",
"vendor": "repomix",
"versions": [
{
"lessThan": "1.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "c748b52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "George Chen"
}
],
"datePublic": "2026-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers to access private network addresses, GCP metadata services, or local filesystem paths."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T15:07:19.285Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Iusse",
"tags": [
"issue-tracking"
],
"url": "https://github.com/yamadashy/repomix/issues/1703"
},
{
"name": "Product",
"tags": [
"product"
],
"url": "https://github.com/yamadashy/repomix"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/CrazyForks/repomix/commit/c748b524f41225e7fc6f89ad0084520901a453cf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/repomix-server-side-request-forgery-via-unvalidated-repository-urls-in-post-api-pack"
}
],
"title": "repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-59702",
"datePublished": "2026-07-08T15:07:19.285Z",
"dateReserved": "2026-07-06T15:31:46.187Z",
"dateUpdated": "2026-07-08T16:18:49.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59221 (GCVE-0-2026-59221)
Vulnerability from cvelistv5 – Published: 2026-07-09 17:13 – Updated: 2026-07-09 18:09| URL | Tags |
|---|---|
| https://github.com/open-webui/open-webui/security… | x_refsource_CONFIRM |
| https://github.com/open-webui/open-webui/pull/26050 | x_refsource_MISC |
| https://github.com/open-webui/open-webui/commit/0… | x_refsource_MISC |
| https://github.com/open-webui/open-webui/releases… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| open-webui | open-webui |
Affected:
>= 0.9.6, < 0.10.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59221",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T18:09:16.352793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T18:09:19.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-frvj-c5qp-xj4w"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "open-webui",
"vendor": "open-webui",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.6, \u003c 0.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _sanitize_proxy_path in backend/open_webui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks and be decoded by the upstream terminal server. This issue is fixed in version 0.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:13:36.193Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-frvj-c5qp-xj4w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-frvj-c5qp-xj4w"
},
{
"name": "https://github.com/open-webui/open-webui/pull/26050",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-webui/open-webui/pull/26050"
},
{
"name": "https://github.com/open-webui/open-webui/commit/05098d25a58d03738e01c4e85e8852c3b4ad849c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-webui/open-webui/commit/05098d25a58d03738e01c4e85e8852c3b4ad849c"
},
{
"name": "https://github.com/open-webui/open-webui/releases/tag/v0.10.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-webui/open-webui/releases/tag/v0.10.0"
}
],
"source": {
"advisory": "GHSA-frvj-c5qp-xj4w",
"discovery": "UNKNOWN"
},
"title": "open-webui terminal proxy path traversal guard bypass via 9x encoded traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59221",
"datePublished": "2026-07-09T17:13:36.193Z",
"dateReserved": "2026-07-02T21:05:02.925Z",
"dateUpdated": "2026-07-09T18:09:19.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59101 (GCVE-0-2026-59101)
Vulnerability from cvelistv5 – Published: 2026-07-02 19:43 – Updated: 2026-07-14 22:03 X_Open Source- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/EstrellaXD/Auto_Bangumi/releas… | release-notes |
| https://github.com/EstrellaXD/Auto_Bangumi/issues/1041 | issue-tracking |
| https://github.com/EstrellaXD/Auto_Bangumi/commit… | patch |
| https://www.vulncheck.com/advisories/autobangumi-… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| EstrellaXD | Auto_Bangumi |
Affected:
0 , < 3.2.8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:00:55.390686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T17:02:24.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/EstrellaXD/Auto_Bangumi",
"product": "Auto_Bangumi",
"repo": "https://github.com/EstrellaXD/Auto_Bangumi",
"vendor": "EstrellaXD",
"versions": [
{
"lessThan": "3.2.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:estrellaxd:auto_bangumi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST /api/v1/setup/test-downloader endpoint during the initial setup window, causing the server to issue HTTP GET requests to internal or reserved addresses and leak information through echoed connection-error messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T22:03:26.509Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Release Notes",
"tags": [
"release-notes"
],
"url": "https://github.com/EstrellaXD/Auto_Bangumi/releases/tag/3.2.8"
},
{
"name": "GitHub Issue",
"tags": [
"issue-tracking"
],
"url": "https://github.com/EstrellaXD/Auto_Bangumi/issues/1041"
},
{
"name": "Fix Commit",
"tags": [
"patch"
],
"url": "https://github.com/EstrellaXD/Auto_Bangumi/commit/487bdfec545e805ae416e6ddf28651bd274d6a73"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/autobangumi-ssrf-via-api-v1-setup-test-downloader"
}
],
"tags": [
"x_open-source"
],
"title": "AutoBangumi \u003c 3.2.8 - SSRF via /api/v1/setup/test-downloader",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-59101",
"datePublished": "2026-07-02T19:43:41.668Z",
"dateReserved": "2026-07-02T15:38:18.929Z",
"dateUpdated": "2026-07-14T22:03:26.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59095 (GCVE-0-2026-59095)
Vulnerability from cvelistv5 – Published: 2026-07-02 19:41 – Updated: 2026-07-14 22:03 X_Open Source- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/lobehub/lobehub/issues/16536 | technical-descriptionexploit |
| https://github.com/lobehub/lobehub/pull/16601 | patch |
| https://www.vulncheck.com/advisories/lobechat-can… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59095",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:00:31.444200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T17:02:30.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/lobehub/lobehub",
"product": "lobehub",
"repo": "https://github.com/lobehub/lobehub",
"vendor": "lobehub",
"versions": [
{
"lessThan": "2.2.10-canary.18",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lobehub:lobehub:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2.2.10-canary.18",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints, which use the global fetch without the project\u0027s ssrf-safe-fetch wrapper. Attackers can target internal addresses such as cloud instance metadata endpoints through these unprotected code paths to disclose internal service responses and cloud credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T22:03:22.385Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Researcher Disclosure",
"tags": [
"technical-description",
"exploit"
],
"url": "https://github.com/lobehub/lobehub/issues/16536"
},
{
"name": "Fix PR",
"tags": [
"patch"
],
"url": "https://github.com/lobehub/lobehub/pull/16601"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/lobechat-canary-18-ssrf-via-importfromurl-and-fetchimagefromurl"
}
],
"tags": [
"x_open-source"
],
"title": "LobeChat \u003c 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-59095",
"datePublished": "2026-07-02T19:41:16.367Z",
"dateReserved": "2026-07-02T15:38:18.928Z",
"dateUpdated": "2026-07-14T22:03:22.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58501 (GCVE-0-2026-58501)
Vulnerability from cvelistv5 – Published: 2026-07-08 19:31 – Updated: 2026-07-09 13:20- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/mvantellingen/python-zeep/secu… | x_refsource_CONFIRM |
| https://github.com/mvantellingen/python-zeep/comm… | x_refsource_MISC |
| https://github.com/mvantellingen/python-zeep/rele… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| mvantellingen | python-zeep |
Affected:
>= 4.0.0, < 4.3.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:20:37.552267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:20:46.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-zeep",
"vendor": "mvantellingen",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fixed in version 4.3.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T19:31:55.937Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mvantellingen/python-zeep/security/advisories/GHSA-4cc2-g9w2-fhf6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mvantellingen/python-zeep/security/advisories/GHSA-4cc2-g9w2-fhf6"
},
{
"name": "https://github.com/mvantellingen/python-zeep/commit/83eb07bc6c84d841329d4f88856fecdba86f753e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mvantellingen/python-zeep/commit/83eb07bc6c84d841329d4f88856fecdba86f753e"
},
{
"name": "https://github.com/mvantellingen/python-zeep/releases/tag/4.3.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mvantellingen/python-zeep/releases/tag/4.3.3"
}
],
"source": {
"advisory": "GHSA-4cc2-g9w2-fhf6",
"discovery": "UNKNOWN"
},
"title": "Zeep SSRF because Settings.forbid_external is not enforced"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-58501",
"datePublished": "2026-07-08T19:31:55.937Z",
"dateReserved": "2026-06-30T20:21:25.813Z",
"dateUpdated": "2026-07-09T13:20:46.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58478 (GCVE-0-2026-58478)
Vulnerability from cvelistv5 – Published: 2026-07-14 14:41 – Updated: 2026-07-14 22:03 X_Open Source- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://www.zeroscience.mk/#/advisories/ZSL-2026-5998 | technical-descriptionexploit |
| https://www.vulncheck.com/advisories/sustainable-… | third-party-advisory |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageURL": "pkg:github/Dan-in-CA/SIP",
"product": "SIP",
"repo": "https://github.com/Dan-in-CA/SIP",
"vendor": "Dan-in-CA",
"versions": [
{
"lessThanOrEqual": "5.2.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2026-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attackers can exploit the lack of destination validation and the default passphrase \u0027opendoor\u0027 to send blind HTTP requests to arbitrary internal or external hosts not otherwise directly accessible."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T22:03:16.334Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Advisory (ZSL-2026-5998)",
"tags": [
"technical-description",
"exploit"
],
"url": "https://www.zeroscience.mk/#/advisories/ZSL-2026-5998"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sustainable-irrigation-platform-ssrf-via-node-red-callback-url"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "Sustainable Irrigation Platform 5.2.16 SSRF via Node-RED Callback URL",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-58478",
"datePublished": "2026-07-14T14:41:54.079Z",
"dateReserved": "2026-06-30T20:20:33.791Z",
"dateUpdated": "2026-07-14T22:03:16.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58468 (GCVE-0-2026-58468)
Vulnerability from cvelistv5 – Published: 2026-07-07 19:27 – Updated: 2026-07-14 22:03 X_Open Source- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/nocobase/nocobase/issues/9962 | technical-descriptionexploit |
| https://github.com/nocobase/nocobase/pull/9966 | issue-tracking |
| https://github.com/nocobase/nocobase/commit/5706f… | |
| https://www.vulncheck.com/advisories/nocobase-ser… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58468",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T16:48:33.586731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T17:11:00.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageURL": "pkg:github/nocobase/nocobase",
"product": "nocobase",
"repo": "https://github.com/nocobase/nocobase",
"vendor": "nocobase",
"versions": [
{
"lessThanOrEqual": "2.1.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nocobase:nocobase:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Attackers can target loopback addresses, RFC-1918 private ranges, and cloud instance metadata endpoints to perform internal network port enumeration, host discovery, and retrieval of IAM role credentials from the instance metadata service. v2.1.18 added a warning message for when SERVER_REQUEST_WHITELIST is not configured."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T22:03:10.298Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Researcher Disclosure",
"tags": [
"technical-description",
"exploit"
],
"url": "https://github.com/nocobase/nocobase/issues/9962"
},
{
"name": "Mitigation PR",
"tags": [
"issue-tracking"
],
"url": "https://github.com/nocobase/nocobase/pull/9966"
},
{
"name": "Mitigation Commit",
"url": "https://github.com/nocobase/nocobase/commit/5706fb48d9bbe190f9e0044c6d5c87fc5b68c7f1"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/nocobase-server-side-request-forgery-via-serverrequest-wrapper"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-58468",
"datePublished": "2026-07-07T19:27:58.922Z",
"dateReserved": "2026-06-30T20:20:33.790Z",
"dateUpdated": "2026-07-14T22:03:10.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58418 (GCVE-0-2026-58418)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-06 15:14| URL | Tags |
|---|---|
| https://github.com/go-gitea/gitea/security/adviso… | vendor-advisory |
| https://github.com/go-gitea/gitea/pull/38108 | patch |
| https://github.com/go-gitea/gitea/releases/tag/v1.26.4 | release-notes |
| https://blog.gitea.com/release-of-1.26.3-and-1.26.4/ | release-notes |
| Vendor | Product | Version | |
|---|---|---|---|
| Gitea | Gitea Open Source Git Server |
Affected:
0 , ≤ 1.25.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58418",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T15:14:49.948162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T15:14:53.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-rqhx-647v-wx32"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.25.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "moltenbit"
}
],
"descriptions": [
{
"lang": "en",
"value": "SSRF via HTTP Redirect in Repository Migration"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:51.149Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-rqhx-647v-wx32"
},
{
"name": "GitHub Pull Request #38108",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38108"
},
{
"name": "Gitea v1.26.4 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.4"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "SSRF via HTTP Redirect in Repository Migration",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58418",
"datePublished": "2026-07-03T20:54:51.149Z",
"dateReserved": "2026-06-30T18:57:20.613Z",
"dateUpdated": "2026-07-06T15:14:53.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.