Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the parseActions function. An attacker can execute arbitrary code by sending crafted input to the affected process. Remediation A fix was pushed into the master branch but not yet published. Referenc...

GHSA-PQHX-W72W-M393 ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function

An issue in Ntfy ntfy.sh before v.2.22.0 allows a remote attacker to execute arbitrary code via the parseActions function...

PT-2026-34669

Name of the Vulnerable Software and Affected Versions ntfy.sh versions prior to 2.21 Description A remote attacker can execute arbitrary code through the parseActions function. Recommendations Update to version 2.21 or later. As a temporary workaround, consider restricting access to the...

CVE-2026-39087

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression...

CVE-2026-39087

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression...

CVE-2026-39087

CVE-2026-39087 affects ntfy.sh (Ntfy) prior to v2.21. The issue is in the parseActions function, enabling a remote attacker to execute arbitrary code. Affected: ntfy.sh

CVE-2026-39087

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression...