2 matches found
CVE-2026-21885
Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...
CVE-2026-21885
creationtimestamp| type| source ---|---|--- 2026-01-07 03:33:09+00:00| published-proof-of-concept| https://github.com/miniflux/v2/security/advisories/GHSA-xwh2-742g-w3wp 2026-01-08 15:03:50+00:00| published-proof-of-concept| Telegram/uxxdzZqKy2gVHqKwUzSTJZodHF1E0u6px0vr0T-scLHYls 2026-01-08...