9 matches found
CVE-2026-27567
Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...
Server-side Request Forgery (SSRF)
Overview payload is a Node, React and MongoDB Headless CMS and Application Framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the external file upload endpoint due to insufficient validation of HTTP redirects. An attacker can access internal network...
Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads
Impact A Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. Users are affected ...
GHSA-HHFX-5X8J-F5F6 Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads
Impact A Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. Users are affected ...
CVE-2026-27567 Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads
Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...
CVE-2026-27567 Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads
Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...
CVE-2026-27567
Payload CMS (free, open source headless) prior to v3.75.0 contains an SSRF in external file URL uploads. When processing external URLs, insufficient validation of HTTP redirects can allow an authenticated user with upload permissions (needs a collection with upload enabled and create access) to c...
CVE-2026-27567 Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads
Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...
PT-2026-21760
Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.75.0 Description Payload is a free and open source headless content management system. A Server-Side Request Forgery SSRF issue exists in the external file upload functionality. Insufficient validation of HTTP...