CVE-2026-41569 authentik: WS-Federation wreply origin bypass can exfiltrate signed login responses to attacker-controlled endpoints
authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...
PT-2026-34205
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 29.0 and earlier. Description: The isSSRFSafeURL function in objects/functions.php contains a same-domain shortcircuit that allows any URL with a hostname matching webSiteRootURL to bypass Server-Side Request Forgery (SSRF)...
CVE-2026-39370 WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)
WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...
GO-2026-4631 PinchTab has SSRF with Full Response Exfiltration via Download Handler in github.com/pinchtab/pinchtab
PinchTab has SSRF with Full Response Exfiltration via Download Handler in github.com/pinchtab/pinchtab...
CVE-2026-30834 PinchTab: SSRF with Full Response Exfiltration via Download Handler
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs,...
CVE-2026-30834
PinchTab exposes a high-severity SSRF via GET /download?url=, where the server passes the user-controlled URL directly to headless Chrome (chromedp.Navigate) without validation. This allows exfiltration of the full HTTP response from arbitrary destinations: local files (file://), internal services, a...
GHSA-RW8P-C6HF-Q3PG PinchTab has SSRF with Full Response Exfiltration via Download Handler
Summary: A Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files...