PT-2026-39214

Name of the Vulnerable Software and Affected Versions Postiz versions 2.16.6 through 2.21.6 Description Postiz is an AI social media scheduling tool. A Time-of-Check-Time-of-Use TOCTOU issue exists where the isSafePublicHttpsUrl function resolves DNS to validate the target IP, but subsequent fetc...

PromptHub 输入验证错误漏洞

PromptHub is an AI prompt and skill management tool developed by Legeling. In versions 0.4.9 to 0.5.4 of PromptHub, there was a vulnerability related to input validation errors. This vulnerability stemmed from the endpoint POST /api/skills/fetch-remote, which retrieves the URL provided by the use...

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.17 contained code vulnerabilities. These vulnerabilities stemmed from inconsistent SSRF protections in the handling of MCP tool URLs, which...

New API 代码问题漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.11.9-alpha.1 contained code vulnerabilities. These vulnerabilities stemmed from the lack of SSRF protection for the unspecified address 0.0.0.0, which could allow users with valid API tokens to bypas...

PT-2026-39264

Name of the Vulnerable Software and Affected Versions MCP Registry versions prior to 1.7.7 Description The MCP Registry contains a Server-Side Request Forgery SSRF issue in its HTTP-based namespace verification process. The system uses a function called safeDialContext to prevent connections to...

CVE-2026-8034

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

Summary The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp Dmitry Prokhorov / Positive Technologies, March 2026 is incomplete. The patch advisory states "Decimal/hexadecimal IP encoding bypasses are also handled" — that part is true Node's WHATWG URL pars...

NPM: nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

NPM: nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix IPv6 + redirect vulnerability discovered by ? in WordPress Npm nuxt-og-image versions = 6.2.5, 6.4.9...

CVE-2026-42449 n8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in...

CVE-2026-42449 n8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in...

CVE-2026-42449

Summary: CVE-2026-42449 affects n8n-mcp SDK embedder paths where SSRF protection (SSRFProtection.validateUrlSync) fails to validate IPv4-mapped IPv6 addresses, enabling an attacker-controlled n8nApiUrl to cause the server to make HTTP requests to internal networks, cloud metadata endpoints, or lo...

CVE-2026-42449

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in...

CVE-2026-41688

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPTRESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...

CVE-2026-41688 Incomplete fix for CVE-2026-33399: SSRF in Wallos

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPTRESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...

Security Bulletin: Improper Hostname Normalization in Axios Enables NO_PROXY Bypass and SSRF Attacks

Summary Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching an...

CVE-2026-41413 Istio Vulnerable to SSRF via RequestAuthentication jwksUri

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

CVE-2026-42194

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...

PT-2026-38594

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description A server-side request forgery SSRF issue exists in the notebook viewer. This occurs due to URL parser confusion between the validation layer and the HTTP request library, where the...

PT-2026-38444

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTER FLAG NO PRIV RANGE | FILTER FLAG NO RES RANGE that does not...

GHSA-WWWC-F646-VJ2J Duplicate Advisory: OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-536q-mj95-h29h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger...