1981 matches found
CVE-2026-54242 Statamic: Server-Side Request Forgery via Glide (DNS rebinding)
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src/Imaging/RemoteUrlValidator.php and src/Imaging/GuzzleAdapter.php could be bypassed using DNS rebinding. The remote hostname was validated as publicly...
CVE-2026-54242
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src/Imaging/RemoteUrlValidator.php and src/Imaging/GuzzleAdapter.php could be bypassed using DNS rebinding. The remote hostname was validated as publicly...
MindsDB -DNS Rebinding SSRF Protection Bypass
Detects DNS rebinding vulnerability that allows bypass of SSRF protection. The vulnerability exists in the URL validation mechanism where DNS resolution is performed without considering DNS rebinding attacks. id: CVE-2024-24759 info: name: MindsDB -DNS Rebinding SSRF Protection Bypass author: Lee...
CVE-2026-62212
CVE-2026-62212 affects OpenClaw prior to 2026.5.28. A race condition exists in the MS Teams safeFetch DNS rebinding check when the affected feature is enabled and reachable. A lower-trust caller or configured input path could win the timing window between DNS validation and usage, enabling action...
CVE-2026-62212 OpenClaw < 2026.5.28 Authentication Bypass via safeFetch
OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...
CVE-2026-61430
PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...
nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling
A flaw was found in Node.js. This vulnerability in the TLS Transport Layer Security hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...
CVE-2026-61430 PraisonAI before 1.6.78 DNS Rebinding SSRF via web_crawl
PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...
EUVD-2026-44639
PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...
EUVD-2026-43555
CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...
CVE-2026-62240
CVE-2026-62240 overview : CrewAI before 1.15.1 is affected by a server-side request forgery in the validate_url function, which performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. An attacker can bypass the security filter by providing URLs that redi...
CVE-2026-62240 CrewAI < 1.15.1 SSRF Filter Bypass via HTTP Redirect in Scrape Tools
CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...
CVE-2026-62240 CrewAI < 1.15.1 SSRF Filter Bypass via HTTP Redirect in Scrape Tools
CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...
PT-2026-57904
Name of the Vulnerable Software and Affected Versions CrewAI versions prior to 1.15.1 Description A server-side request forgery SSRF issue exists in the validate url function. The function performs one-shot DNS resolution and blocklist checks but returns the original URL unchanged. This allows...
CVE-2026-61429
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...
CVE-2026-61429
CVE-2026-61429 affects PraisonAI before 1.6.78. A SSRF in the Crawl4AI/Chromium backend allows bypassing initial validation via DNS rebinding and HTTP redirects, enabling a headless browser to access internal services and read internal responses including sensitive canary values. The CVSS metrics...
CVE-2026-61429 PraisonAI before 1.6.78 SSRF via Crawl4AI Chromium backend
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...
EUVD-2026-43178
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...
CVE-2026-55671
ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to...
GHSA-489G-7RXV-6C8Q MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826)
Summary GHSA-7r34-79r5-rcc9's fix added validateurlforssrf, which resolves the attacker-controlled X-Atlassian-Jira,Confluence-Url header host once at middleware time and trusts the result. But the outbound request is later built with the raw hostname and re-resolves at connect time with no IP...