EUVD-2026-34972

🗓️ 06 Jun 2026 16:30:12Reported by EUVDType

Flaw in perfree go-fastdfs-web up to 1.3.7 enables remote server-side request forgery checkServer.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-11437	6 Jun 202616:30	–	attackerkb
CVE	CVE-2026-11437	6 Jun 202616:30	–	cve
Cvelist	CVE-2026-11437 perfree go-fastdfs-web Installation Endpoint checkServer server-side request forgery	6 Jun 202616:30	–	cvelist
NVD	CVE-2026-11437	6 Jun 202617:16	–	nvd
Positive Technologies	PT-2026-47159	6 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "41ad5cb7-f650-3de9-a324-b03966d35145",
        "vendor": {
          "name": "perfree"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1870e727-0f86-3e31-b475-a0c984493627",
        "product": {
          "name": "go-fastdfs-web",
          "vendor": {
            "name": "perfree"
          }
        },
        "product_version": "1.3.2"
      },
      {
        "id": "53ce5e3e-2bf2-39bd-95dc-235784150f9c",
        "product": {
          "name": "go-fastdfs-web",
          "vendor": {
            "name": "perfree"
          }
        },
        "product_version": "1.3.5"
      },
      {
        "id": "610fb533-9087-3e33-a38b-5499e1ce1a48",
        "product": {
          "name": "go-fastdfs-web",
          "vendor": {
            "name": "perfree"
          }
        },
        "product_version": "1.3.1"
      },
      {
        "id": "61649225-1d22-32a5-8457-3eecd5e3da46",
        "product": {
          "name": "go-fastdfs-web",
          "vendor": {
            "name": "perfree"
          }
        },
        "product_version": "1.3.4"
      },
      {
        "id": "6b31d996-9279-3db3-a153-9b21497361d5",
        "product": {
          "name": "go-fastdfs-web",
          "vendor": {
            "name": "perfree"
          }
        },
        "product_version": "1.3.7"
      },
      {
        "id": "7ae5c78f-e38a-3898-917f-37448df46d05",
        "product": {
          "name": "go-fastdfs-web",
          "vendor": {
            "name": "perfree"
          }
        },
        "product_version": "1.3.6"
      },
      {
        "id": "885203c6-af4d-3711-b3b2-1d73340a16c0",
        "product": {
          "name": "go-fastdfs-web",
          "vendor": {
            "name": "perfree"
          }
        },
        "product_version": "1.3.3"
      },
      {
        "id": "cf6b7925-f982-30bc-8ff5-98a725715393",
        "product": {
          "name": "go-fastdfs-web",
          "vendor": {
            "name": "perfree"
          }
        },
        "product_version": "1.3.0"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/369017
vuldb	www.vuldb.com/vuln/369017/cti
vuldb	www.vuldb.com/cve/CVE-2026-11437
vuldb	www.vuldb.com/submit/822726
notion	www.notion.so/Server-Side-Request-Forgery-SSRF-in-go-fastdfs-web-Installation-Endpoint-35aea92a3c41806485ffeeac7e18126a

06 Jun 2026 16:30Current

5Medium risk

Vulners AI Score5

CVSS 46.9

CVSS 3.17.3

CVSS 27.5

CVSS 37.3