CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/01/12 5:39 p.m.•4 views

GO-2026-4287 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources in miniflux.app

Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources in miniflux.app...

6.5CVSS6.8AI score0.00054EPSS

RedhatCVE•added 2026/01/10 5:41 a.m.•1 views

CVE-2026-21885

6.5CVSS6.8AI score0.00054EPSS

Snyk•added 2026/01/08 2:46 p.m.•1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

Snyk•added 2026/01/08 2:46 p.m.•2 views

Server-side Request Forgery (SSRF)

Snyk•added 2026/01/08 2:46 p.m.•1 views

Server-side Request Forgery (SSRF)

Snyk•added 2026/01/08 2:46 p.m.•1 views

Server-side Request Forgery (SSRF)

NVD•added 2026/01/08 2:15 p.m.•3 views

CVE-2026-21885

6.5CVSS0.00054EPSS

OSV•added 2026/01/08 2:15 p.m.•0 views

UBUNTU-CVE-2026-21885

6.5CVSS5.8AI score0.00054EPSS

UbuntuCve•added 2026/01/08 2:15 p.m.•2 views

CVE-2026-21885

6.5CVSS5.8AI score0.00054EPSS

EUVD•added 2026/01/08 1:57 p.m.•3 views

EUVD-2026-1186

6.5CVSS6.2AI score0.00054EPSS

CVE•added 2026/01/08 1:57 p.m.•12 views

CVE-2026-21885

CVE-2026-21885 : Miniflux 2 prior to 2.2.16 exposes a media proxy endpoint (GET /proxy/{encodedDigest}/{encodedURL}) that can be exploited for SSRF. An authenticated user can generate a signed proxy URL for media URLs embedded in feed content, including internal addresses (localhost, RFC1918, lin...

6.5CVSS6.3AI score0.00054EPSS

Exploits1References1Affected Software1

Debian CVE•added 2026/01/08 1:57 p.m.•4 views

CVE-2026-21885

6.5CVSS4.8AI score0.00054EPSS

Exploits1

Cvelist•added 2026/01/08 1:57 p.m.•22 views

CVE-2026-21885 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

6.5CVSS0.00054EPSS

Vulnrichment•added 2026/01/08 1:57 p.m.•2 views

CVE-2026-21885 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

6.5CVSS6.3AI score0.00054EPSS

OSV•added 2026/01/08 1:57 p.m.•2 views

CVE-2026-21885 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

6.5CVSS6.7AI score0.00054EPSS

CNNVD•added 2026/01/08 12:0 a.m.•1 views

Miniflux 安全漏洞

Miniflux is a minimalist synopsis reader open-sourced by Miniflux. A security vulnerability exists in Miniflux 2 versions prior to 2.2.16, which stems from a media proxy endpoint that can be abused, potentially leading to server-side request forgery...

6.5CVSS6.4AI score0.00054EPSS

Tenable Nessus•added 2026/01/08 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-21885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform...

6.5CVSS5.8AI score0.00054EPSS

OSV•added 2026/01/07 7:22 p.m.•2 views

GHSA-XWH2-742G-W3WP Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

Summary Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, including internal addresse...

6.5CVSS6.7AI score0.00054EPSS