2 matches found
CVE-2026-56779
MaxKB
CVE-2026-56779 MaxKB < 2.10.0 - Server-Side Request Forgery via downloadCallbackUrl and download_url Parameters
MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and downloadurl parameters. Attackers with default workspace USER role can...