Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the parseActions function. An attacker can execute arbitrary code by sending crafted input to the affected process. Remediation Upgrade github.com/binwiederhier/ntfy/v2/server to version 2.21.0 or...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the parseActions function. An attacker can execute arbitrary code by sending crafted input to the affected process. Remediation Upgrade heckel.io/ntfy/v2/server to version 2.21.0 or higher. Reference...

EUVD-2026-25232

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function...

ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function

An issue in Ntfy ntfy.sh before v.2.22.0 allows a remote attacker to execute arbitrary code via the parseActions function...

CVE-2026-39087

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression...

ntfy 代码注入漏洞

NTFY is a notification service system developed by Philipp Heckel, designed to enable cross-device message delivery through the publish-subscribe mechanism. Versions of NTFY prior to version 2.21 contained a code injection vulnerability. This vulnerability stemmed from issues with the parseAction...