CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1 matches found

CVE•added 2026/05/11 5:30 p.m.•12 views

CVE-2026-42858

Open edX Platform contains a server-side request forgery (SSRF) in the sync_provider_data endpoint of SAMLProviderDataViewSet. An authenticated Enterprise Admin can supply an arbitrary URL via the metadata_url parameter, which is passed to requests.get() in fetch_metadata_xml() without URL valida...

9.9CVSS6AI score0.00374EPSS

Exploits1References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by