4167 matches found

EUVD, added 2026/03/12 2:51 p.m. (2 views)

EUVD-2026-11673

@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch...

AI score 5.8, EPSS 0.00047. Exploits 0, References 2.
SUSE CVE, added 2026/03/12 8:52 a.m. (1 view)

SUSE CVE-2026-31837

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This...

CVSS 8.7, AI score 5.8, EPSS 0.00072. Exploits 0, References 3.
Positive Technologies, added 2026/03/12 12:00 a.m. (1 view)

PT-2026-25082

Name of the Vulnerable Software and Affected Versions: Centrifugo versions prior to 6.7.0. Description: Centrifugo is susceptible to a Server-Side Request Forgery (SSRF) condition when configured with a dynamic JWKS endpoint URL that utilizes template variables, such as tenant. An unauthenticated...

CVSS 9.3, AI score 6, EPSS 0.00109. Exploits 1, References 14.
CVE, added 2026/03/11 7:53 p.m. (8 views)

CVE-2026-32096

Plunk (open-source email platform built on AWS SES) contains a Server-Side Request Forgery (SSRF) in the SNS webhook handler prior to version 0.7.0. An unauthenticated attacker could craft a request that forced the server to perform an outbound HTTP GET to any host reachable from the server. The ...

CVSS 9.3, AI score 5.9, EPSS 0.00105. Exploits 1, References 2, Affected Software 1.
OSV, added 2026/03/11 7:36 p.m. (0 views)

CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation

Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to...

CVSS 9.1, AI score 5.8, EPSS 0.0003. Exploits 0, References 3.
Snyk, added 2026/03/11 12:37 a.m. (1 view)

Use of Hard-coded Credentials

Overview: Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...

CVSS 8.7, AI score 5.8, EPSS 0.00072. Exploits 0, References 2.
Positive Technologies, added 2026/03/11 12:00 a.m. (2 views)

PT-2026-24837

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied ha url and makes a server-side HTTP request to ha url/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

CVSS 5.3, AI score 6, EPSS 0.00042. Exploits 0, References 4.
Vulnrichment, added 2026/03/10 9:57 p.m. (0 views)

CVE-2026-31837 Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails.

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This...

CVSS 8.7, AI score 5.8, EPSS 0.00072. Exploits 0, References 1.
CVE, added 2026/03/10 9:57 p.m. (5 views)

CVE-2026-31837

CVE-2026-31837 affects Istio prior to versions 1.29.1, 1.28.5, and 1.27.8. If the JWKS resolver becomes unavailable or a fetch fails, a user is exposed to hardcoded defaults regardless of the use of the RequestAuthentication resource. This can impact confidentiality and system behavior as default...

CVSS 8.7, AI score 5.8, EPSS 0.00072. Exploits 0, References 1, Affected Software 1.
OSV, added 2026/03/10 9:57 p.m. (2 views)

CVE-2026-31837 Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails.

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This...

CVSS 8.7, AI score 5.8, EPSS 0.00072. Exploits 0, References 3.
NVD, added 2026/03/10 9:16 p.m. (1 view)

CVE-2026-30953

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create calls HtmlMeta::getFromUrl). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

CVSS 7.7, EPSS 0.00047. Exploits 0, References 1.
EUVD, added 2026/03/10 8:38 p.m. (1 view)

EUVD-2026-10874

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create calls HtmlMeta::getFromUrl). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

CVSS 7.7, AI score 5.8, EPSS 0.00047. Exploits 0, References 1.
OSV, added 2026/03/10 6:28 p.m. (2 views)

GO-2026-4643 WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources in github.com/Tencent/WeKnora

WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources in github.com/Tencent/WeKnora...

CVSS 7.5, AI score 5.8, EPSS 0.00121. Exploits 1, References 1.
Redos, added 2026/03/10 12:00 a.m. (5 views)

ROS-20260310-73-0037

A vulnerability in the Background Fetch API of the Google Chrome browser is related to errors in the implementation of security checks for standard elements. Exploitation of the vulnerability allows an attacker acting remotely to disclose protected information using a specially crafted HTML page...

CVSS 6.5, AI score 5.7, EPSS 0.00059. Exploits 1.
OSV, added 2026/03/09 7:55 p.m. (0 views)

GHSA-V359-JJ2V-J536 vLLM has SSRF Protection Bypass

Summary: The SSRF protection fix for https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. Affected Component - File:...

CVSS 5.4, AI score 5.9, EPSS 0.00028. Exploits 1, References 6.
OSV, added 2026/03/09 7:54 p.m. (2 views)

GHSA-6MGF-V5J7-45CR OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects

OpenClaw's fetchWithSsrFGuard... followed cross-origin redirects while preserving arbitrary caller-supplied headers except for a narrow denylist (Authorization, Proxy-Authorization, Cookie, Cookie2). This allowed custom authorization headers such as X-Api-Key, Private-Token, and similar sensitive...

CVSS 9.3, AI score 5.9, EPSS 0.00045. Exploits 0, References 6.
RedhatCVE, added 2026/03/09 1:59 p.m. (2 views)

CVE-2026-3734

A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetchmanagerdetails.php of the component Endpoint. This manipulation of the argument managerid causes improper authorization. The attack can be initiated remotely. The explo...

CVSS 7.5, AI score 5.5, EPSS 0.00065. Exploits 1, References 1.