Lucene search
K

89 matches found

OSV
OSV
added 2026/06/19 9:16 p.m.7 views

GHSA-M999-J542-5W3R Open Redirect Bypass in miniflux-v2

Summary The URL restrictions in miniflux-v2 can be bypassed by attackers, leading to an open redirect vulnerability. Details Normally, the redirect URL needs to be validated using IsRelativePath. There are some security measures in place, such as requiring relative paths, prohibiting host and...

5.1CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.8 views

PT-2026-51095

Name of the Vulnerable Software and Affected Versions miniflux-v2 affected versions not specified Description URL restrictions can be bypassed, leading to an open redirect. The application uses the IsRelativePath function to validate redirect URLs by requiring relative paths and prohibiting host ...

5.1CVSS5.9AI score
Exploits0References4
Veracode
Veracode
added 2026/03/06 7:24 a.m.7 views

Open Redirect

miniflux.app/v2 is vulnerable to Open Redirect. The vulnerability is due to improper validation of the redirecturl parameter where protocol-relative URLs bypass the url.Parse....IsAbs check, which allows an attacker to redirect users to attacker-controlled websites after login...

6.1CVSS5.8AI score0.00183EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/01/17 12:25 a.m.4 views

SUSE CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5CVSS6.8AI score0.00258EPSS
Exploits1References2
OSV
OSV
added 2026/01/12 5:39 p.m.5 views

GO-2026-4287 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources in miniflux.app

Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources in miniflux.app...

6.5CVSS6.8AI score0.00258EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.3 views

CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5CVSS6.8AI score0.00258EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/08 2:46 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

8.8CVSS6.7AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/08 2:46 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

8.8CVSS6.7AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/08 2:46 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

8.8CVSS6.7AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/08 2:46 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...

8.8CVSS6.7AI score0.00258EPSS
Exploits1References2
NVD
NVD
added 2026/01/08 2:15 p.m.4 views

CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5CVSS0.00258EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/01/08 2:15 p.m.5 views

CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5CVSS5.8AI score0.00258EPSS
Exploits1References2
OSV
OSV
added 2026/01/08 2:15 p.m.2 views

UBUNTU-CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5CVSS5.8AI score0.00258EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/08 1:57 p.m.2 views

CVE-2026-21885 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5CVSS6.3AI score0.00258EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/08 1:57 p.m.7 views

EUVD-2026-1186

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5CVSS6.2AI score0.00258EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/08 1:57 p.m.26 views

CVE-2026-21885 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5CVSS0.00258EPSS
Exploits1References1
CVE
CVE
added 2026/01/08 1:57 p.m.29 views

CVE-2026-21885

CVE-2026-21885 : Miniflux 2 prior to 2.2.16 exposes a media proxy endpoint (GET /proxy/{encodedDigest}/{encodedURL}) that can be exploited for SSRF. An authenticated user can generate a signed proxy URL for media URLs embedded in feed content, including internal addresses (localhost, RFC1918, lin...

6.5CVSS6.3AI score0.00258EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/01/08 1:57 p.m.4 views

CVE-2026-21885 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5CVSS6.7AI score0.00258EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/01/08 1:57 p.m.4 views

CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5CVSS4.8AI score0.00258EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-21885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform...

6.5CVSS5.8AI score0.00258EPSS
Exploits1References3
Rows per page
Query Builder