CVE-2026-61835
Product : Directus (real-time API and app dashboard for SQL databases). Vulnerability : SSRF protection bypass in the file-import-from-URL feature prior to 12.0.0. The denial logic treats 0.0.0.0 as local, but does not block the literal address, allowing an authenticated user with file-upload rig...