
4 matches found

Vulnrichment
added 2026/05/08 3:11 a.m., 7 views

CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

CVSS 7.1, AI score 5.7, EPSS 0.00078
Exploits: 1, References: 2
Cvelist
added 2026/05/08 3:11 a.m., 26 views

CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

CVSS 7.1, EPSS 0.00078
Exploits: 1, References: 2
CNNVD
added 2026/05/08 12:0 a.m., 6 views

PromptHub input validation error vulnerability

PromptHub is an AI prompt and skill management tool developed by Legeling. In versions 0.4.9 to 0.5.4 of PromptHub, there was a vulnerability related to input validation errors. This vulnerability stemmed from the endpoint POST /api/skills/fetch-remote, which retrieves the URL provided by the use...

CVSS 7.1, AI score 5.8, EPSS 0.00078
Exploits: 1, References: 1
CVE
added 2026/03/20 1:58 a.m., 8 views

CVE-2026-32812

Admidio CVE-2026-32812 affects versions 5.0.0–5.0.6 where the SSO Metadata API endpoint at modules/sso/fetch_metadata.php reads a user-supplied URL and passes it to file_get_contents() after only PHP FILTER_VALIDATE_URL validation. This allows an authenticated administrator to cause Local File Re...

CVSS 6.8, AI score 5.8, EPSS 0.00023
Exploits: 1, References: 3, Affected Software: 1