2 matches found
CVE-2026-42181 Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...
lemmy_api (>=0.11.3-rc.5 <=0.16.2-rc.1), lemmy_api_crud (>=0.11.3-rc.5 <=0.16.2-rc.1) +5 more potentially affected by CVE-2026-42181 via lemmy_api_common (>=0.11.3-rc.5 <=0.16.2-rc.1)
lemmyapicommon CARGO version =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.16.2-rc.1 Source cves: CVE-2026-42181 Source advisory: OSV:GHSA-H6HF-9846-XWRQ...