Lucene search
K

4 matches found

NVD
NVD
added 2026/03/05 7:16 p.m.15 views

CVE-2026-27023

Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs e.g., webhook endpoints, image URLs could bypass...

5CVSS0.00199EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/05 4:23 p.m.4 views

CVE-2026-27023

Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs e.g., webhook endpoints, image URLs could bypass...

5CVSS5.8AI score0.00199EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/05 4:23 p.m.7 views

EUVD-2026-9845

Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs e.g., webhook endpoints, image URLs could bypass...

5CVSS5.8AI score0.00199EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/05 4:23 p.m.28 views

CVE-2026-27023 Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client

Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs e.g., webhook endpoints, image URLs could bypass...

5CVSS0.00199EPSS
Exploits0References2
Rows per page
Query Builder