CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4625 vulnerabilities reference this CWE, most recent first.
CVE-2026-11395 (GCVE-0-2026-11395)
Vulnerability from cvelistv5 – Published: 2026-06-18 06:50 – Updated: 2026-06-18 15:52- CWE-918 - Server-Side Request Forgery (SSRF)
| Vendor | Product | Version | |
|---|---|---|---|
| mariovalney | CF7 to Webhook |
Affected:
0 , ≤ 5.0.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T15:52:25.322267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T15:52:32.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CF7 to Webhook",
"vendor": "mariovalney",
"versions": [
{
"lessThanOrEqual": "5.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chris Peterson"
}
],
"descriptions": [
{
"lang": "en",
"value": "The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pull_the_trigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Exploitation requires that the admin-configured webhook URL contains a Contact Form 7 field placeholder in the host segment of the URL, and that the affected form is publicly accessible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T06:50:06.521Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/caa5b9aa-e98c-48fc-9e63-0a1380465918?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cf7-to-zapier/tags/5.0.0/modules/zapier/class-module-zapier.php#L150"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cf7-to-zapier/tags/5.0.0/modules/cf7/class-module-cf7.php#L351"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cf7-to-zapier/tags/5.0.0/modules/cf7/class-module-cf7.php#L524"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3562661%40cf7-to-zapier\u0026new=3562661%40cf7-to-zapier\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-05T17:12:17.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-17T18:15:54.000Z",
"value": "Disclosed"
}
],
"title": "CF7 to Webhook \u003c= 5.0.0 - Unauthenticated Server-Side Request Forgery via CF7 Field Placeholder in Webhook URL Host"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-11395",
"datePublished": "2026-06-18T06:50:06.521Z",
"dateReserved": "2026-06-05T16:22:22.915Z",
"dateUpdated": "2026-06-18T15:52:32.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11370 (GCVE-0-2026-11370)
Vulnerability from cvelistv5 – Published: 2026-06-24 05:33 – Updated: 2026-06-29 19:13- CWE-918 - Server-Side Request Forgery (SSRF)
| Vendor | Product | Version | |
|---|---|---|---|
| joomunited | WP Meta SEO |
Affected:
0 , ≤ 4.5.18
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T19:13:47.844862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T19:13:55.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Meta SEO",
"vendor": "joomunited",
"versions": [
{
"lessThanOrEqual": "4.5.18",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Enes Ismail"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the \u0027new_link\u0027 parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The HTTP response status from outbound requests is reflected back in the AJAX JSON response as status_code, providing an enumeration oracle usable for probing internal hosts and cloud metadata services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T05:33:23.066Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a6e37c1-aaac-4642-bace-234bbc4f6c38?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-meta-seo/tags/4.5.18/inc/class.metaseo-broken-link-table.php#L1138"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-meta-seo/tags/4.5.18/inc/class.metaseo-broken-link-table.php#L2013"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-meta-seo/tags/4.5.18/inc/class.metaseo-admin.php#L4783"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-23T16:46:49.000Z",
"value": "Disclosed"
}
],
"title": "WP Meta SEO \u003c= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via \u0027new_link\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-11370",
"datePublished": "2026-06-24T05:33:23.066Z",
"dateReserved": "2026-06-05T12:01:15.956Z",
"dateUpdated": "2026-06-29T19:13:55.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11346 (GCVE-0-2026-11346)
Vulnerability from cvelistv5 – Published: 2026-06-05 11:31 – Updated: 2026-06-05 20:10- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://linqi.help/en/reference/security/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| linqi GmbH | linqi |
Affected:
0 , < 1.4.8.6
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T20:10:22.377707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T20:10:29.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "linqi",
"vendor": "linqi GmbH",
"versions": [
{
"lessThan": "1.4.8.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ianis BERNARD from NATO Cyber Security Centre (NCSC)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP requests. By observing the varying application responses (Success, Failed, or 504 Gateway Time-out), the attacker can determine the status of internal ports, leading to internal network reconnaissance.\u003c/p\u003e"
}
],
"value": "A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP requests. By observing the varying application responses (Success, Failed, or 504 Gateway Time-out), the attacker can determine the status of internal ports, leading to internal network reconnaissance."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T11:53:39.545Z",
"orgId": "86c47df7-7d28-48da-920a-6423c52fd3da",
"shortName": "linqi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://linqi.help/en/reference/security/security-advisories/#security-advisory-server-side-request-forgery-ssrf-allowing-internal-network-probing"
}
],
"title": "Server-Side Request Forgery (SSRF) allowing Internal Network Probing in linqi"
}
},
"cveMetadata": {
"assignerOrgId": "86c47df7-7d28-48da-920a-6423c52fd3da",
"assignerShortName": "linqi",
"cveId": "CVE-2026-11346",
"datePublished": "2026-06-05T11:31:06.652Z",
"dateReserved": "2026-06-05T08:52:34.489Z",
"dateUpdated": "2026-06-05T20:10:29.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10771 (GCVE-0-2026-10771)
Vulnerability from cvelistv5 – Published: 2026-06-03 21:30 – Updated: 2026-06-04 13:14- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368137 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368137/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10771 | third-party-advisory |
| https://vuldb.com/submit/831421 | third-party-advisory |
| https://github.com/crmeb/crmeb_java/issues/35 | exploitissue-tracking |
| https://github.com/crmeb/crmeb_java/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| crmeb | crmeb_java |
Affected:
1.4
cpe:2.3:a:crmeb:crmeb_java:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10771",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:14:49.468681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T13:14:56.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:crmeb:crmeb_java:*:*:*:*:*:*:*:*"
],
"modules": [
"base64 Qrcode Endpoint"
],
"product": "crmeb_java",
"vendor": "crmeb",
"versions": [
{
"status": "affected",
"version": "1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mukyuuhate (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request forgery. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T21:30:09.322Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368137 | crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368137"
},
{
"name": "VDB-368137 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368137/cti"
},
{
"name": "CVE-2026-10771 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10771"
},
{
"name": "Submit #831421 | https://github.com/crmeb/crmeb_java crmeb_java v1.4 Server -Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831421"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/crmeb/crmeb_java/issues/35"
},
{
"tags": [
"product"
],
"url": "https://github.com/crmeb/crmeb_java/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-03T17:47:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10771",
"datePublished": "2026-06-03T21:30:09.322Z",
"dateReserved": "2026-06-03T15:42:12.686Z",
"dateUpdated": "2026-06-04T13:14:56.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10690 (GCVE-0-2026-10690)
Vulnerability from cvelistv5 – Published: 2026-06-02 23:15 – Updated: 2026-06-03 14:04 X_Open Source- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367959 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367959/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10690 | third-party-advisory |
| https://vuldb.com/submit/830735 | third-party-advisory |
| https://github.com/wonderwhy-er/DesktopCommanderM… | exploitissue-tracking |
| https://github.com/sorlen008/DesktopCommanderMCP/… | patch |
| https://github.com/wonderwhy-er/DesktopCommanderMCP/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| wonderwhy-er | DesktopCommanderMCP |
Affected:
0.2.37
cpe:2.3:a:wonderwhy-er:desktopcommandermcp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10690",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T14:04:11.391815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T14:04:32.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/830735"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:wonderwhy-er:desktopcommandermcp:*:*:*:*:*:*:*:*"
],
"modules": [
"read_file"
],
"product": "DesktopCommanderMCP",
"vendor": "wonderwhy-er",
"versions": [
{
"status": "affected",
"version": "0.2.37"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "skywings (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The name of the patch is 53699bebba9950047bca16ac4dc8f0568f596aaa. It is best practice to apply a patch to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T23:15:08.998Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367959 | wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367959"
},
{
"name": "VDB-367959 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367959/cti"
},
{
"name": "CVE-2026-10690 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10690"
},
{
"name": "Submit #830735 | wonderwhy-er DesktopCommanderMCP 0.2.37 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/830735"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/410"
},
{
"tags": [
"patch"
],
"url": "https://github.com/sorlen008/DesktopCommanderMCP/commit/53699bebba9950047bca16ac4dc8f0568f596aaa"
},
{
"tags": [
"product"
],
"url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-02T17:45:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10690",
"datePublished": "2026-06-02T23:15:08.998Z",
"dateReserved": "2026-06-02T15:40:39.523Z",
"dateUpdated": "2026-06-03T14:04:32.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10662 (GCVE-0-2026-10662)
Vulnerability from cvelistv5 – Published: 2026-06-02 22:00 – Updated: 2026-06-03 13:28 X_Open Source- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367957 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367957/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10662 | third-party-advisory |
| https://vuldb.com/submit/830488 | third-party-advisory |
| https://github.com/ahujasid/blender-mcp/issues/203 | exploitissue-tracking |
| https://github.com/ahujasid/blender-mcp/pull/205 | issue-trackingpatch |
| https://github.com/bergskenop/blender-mcp/commit/… | patch |
| https://github.com/ahujasid/blender-mcp/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| ahujasid | blender-mcp |
Affected:
7636d13bded82eca58eb93c3f4cd8708dfdfbe8b
cpe:2.3:a:ahujasid:blender-mcp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10662",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T13:28:13.207285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T13:28:22.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ahujasid:blender-mcp:*:*:*:*:*:*:*:*"
],
"modules": [
"ZIP File Handler"
],
"product": "blender-mcp",
"vendor": "ahujasid",
"versions": [
{
"status": "affected",
"version": "7636d13bded82eca58eb93c3f4cd8708dfdfbe8b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "skywings (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_mcp/server.py of the component ZIP File Handler. The manipulation of the argument zip_file_url results in server-side request forgery. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The patch is identified as 5b37be25242e73dc4cf1328974d30458b9e5d67e. It is advisable to implement a patch to correct this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T22:00:12.762Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367957 | ahujasid blender-mcp ZIP File server.py requests.get server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367957"
},
{
"name": "VDB-367957 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367957/cti"
},
{
"name": "CVE-2026-10662 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10662"
},
{
"name": "Submit #830488 | ahujasid blender-mcp Latest Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/830488"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ahujasid/blender-mcp/issues/203"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/ahujasid/blender-mcp/pull/205"
},
{
"tags": [
"patch"
],
"url": "https://github.com/bergskenop/blender-mcp/commit/5b37be25242e73dc4cf1328974d30458b9e5d67e"
},
{
"tags": [
"product"
],
"url": "https://github.com/ahujasid/blender-mcp/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-02T17:30:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "ahujasid blender-mcp ZIP File server.py requests.get server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10662",
"datePublished": "2026-06-02T22:00:12.762Z",
"dateReserved": "2026-06-02T15:24:57.055Z",
"dateUpdated": "2026-06-03T13:28:22.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10586 (GCVE-0-2026-10586)
Vulnerability from cvelistv5 – Published: 2026-06-04 23:28 – Updated: 2026-06-12 16:08- CWE-918 - Server-Side Request Forgery (SSRF)
| Vendor | Product | Version | |
|---|---|---|---|
| wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns |
Affected:
0 , ≤ 6.1.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T16:08:33.293428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T16:08:43.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
"vendor": "wpdevteam",
"versions": [
{
"lessThanOrEqual": "6.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shambles"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `save_ai_generated_image()` function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T23:28:52.002Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08906577-162c-4875-b16c-18d4912c2611?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.3/includes/Integrations/AI/AI.php#L171"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-02T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-06-01T19:42:41.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-04T10:40:13.000Z",
"value": "Disclosed"
}
],
"title": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns \u003c= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-10586",
"datePublished": "2026-06-04T23:28:52.002Z",
"dateReserved": "2026-06-01T19:26:38.526Z",
"dateUpdated": "2026-06-12T16:08:43.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10583 (GCVE-0-2026-10583)
Vulnerability from cvelistv5 – Published: 2026-06-02 02:45 – Updated: 2026-06-02 12:22- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367710 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367710/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10583 | third-party-advisory |
| https://vuldb.com/submit/829407 | third-party-advisory |
| https://github.com/nextlevelbuilder/goclaw/issues/1132 | exploitissue-tracking |
| https://github.com/digitopvn/goclaw/issues/30 | issue-tracking |
| https://github.com/nextlevelbuilder/goclaw/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| nextlevelbuilder | GoClaw |
Affected:
3.11.0
Affected: 3.11.1 Affected: 3.11.2 Affected: 3.11.3 cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10583",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T12:21:48.626737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:22:01.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:*"
],
"modules": [
"TTS Configuration Endpoint"
],
"product": "GoClaw",
"vendor": "nextlevelbuilder",
"versions": [
{
"status": "affected",
"version": "3.11.0"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.11.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T02:45:08.811Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367710 | nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367710"
},
{
"name": "VDB-367710 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367710/cti"
},
{
"name": "CVE-2026-10583 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10583"
},
{
"name": "Submit #829407 | nextlevelbuilder GoClaw \u003c= 3.11.3 Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/829407"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/nextlevelbuilder/goclaw/issues/1132"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/digitopvn/goclaw/issues/30"
},
{
"tags": [
"product"
],
"url": "https://github.com/nextlevelbuilder/goclaw/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-01T20:22:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10583",
"datePublished": "2026-06-02T02:45:08.811Z",
"dateReserved": "2026-06-01T18:17:50.467Z",
"dateUpdated": "2026-06-02T12:22:01.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10581 (GCVE-0-2026-10581)
Vulnerability from cvelistv5 – Published: 2026-06-02 02:30 – Updated: 2026-06-02 13:15- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367676 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367676/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10581 | third-party-advisory |
| https://vuldb.com/submit/829404 | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T13:15:31.886946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:15:49.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*"
],
"product": "DedeCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.7.88"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "R21Z20 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T02:30:08.479Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367676 | DedeCMS download.php base64_decode server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367676"
},
{
"name": "VDB-367676 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367676/cti"
},
{
"name": "CVE-2026-10581 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10581"
},
{
"name": "Submit #829404 | DedeCMS DedeCMS Content Management System v5.7.88 Server-Side Request Forgery (SSRF) / Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/829404"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-01T20:00:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "DedeCMS download.php base64_decode server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10581",
"datePublished": "2026-06-02T02:30:08.479Z",
"dateReserved": "2026-06-01T17:55:38.252Z",
"dateUpdated": "2026-06-02T13:15:49.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10564 (GCVE-0-2026-10564)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:51 – Updated: 2026-07-01 14:48- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7277995 | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Langflow OSS |
Affected:
1.0.0 , ≤ 1.9.6
(semver)
cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T14:48:29.169502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:48:45.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*"
],
"product": "Langflow OSS",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.9.6",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.\u003c/p\u003e"
}
],
"value": "IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:51:55.253Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277995"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
}
],
"title": "SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-10564",
"datePublished": "2026-06-30T19:51:55.253Z",
"dateReserved": "2026-06-01T16:26:04.641Z",
"dateUpdated": "2026-07-01T14:48:45.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.