CVE-2026-41171

Squidex (open source headless CMS) Versions prior to 7.23.0 are affected by an SSRF vulnerability in the Jint HTTP client used by scripting functions (e.g., getJSON, request). An authenticated user with low privileges can force the server to make arbitrary outbound HTTP requests to attacker-contr...