CVE-2026-36758
CVE-2026-36758 describes a Server-Side Request Forgery (SSRF) in halo v2.22.14 affecting the /themes/-/install-from-uri endpoint. Authenticated attackers can trigger the vulnerability with a crafted GET request to scan internal resources. The issue is documented across multiple sources (NVD, CVE ...