CVE-2026-41170
Squidex -- CVE-2026-41170: Prior to 7.23.0, the RestoreController.PostRestoreJob endpoint lets an authenticated admin specify an arbitrary URL for downloading backups via the Backup HttpClient without SSRF protection. This enables internal or external network probing and access to sensitive resou...