CVE-2026-40168
Postiz is affected by a Server-Side Request Forgery (SSRF) in the /api/public/stream endpoint prior to version 2.21.5. The vulnerability arises because the app validates the initially supplied URL and blocks direct private/internal hosts, but does not re-validate the final destination after HTTP ...