6 matches found
CVE-2026-40487
Postiz is an AI social media scheduling tool. Before version 2.21.6, a file upload validation bypass lets any authenticated user upload HTML/SVG or other executable types by spoofing Content-Type, after which nginx serves them with a Content-Type derived from the original extension (text/html, im...
CVE-2026-40168
Postiz is affected by a Server-Side Request Forgery (SSRF) in the /api/public/stream endpoint prior to version 2.21.5. The vulnerability arises because the app validates the initially supplied URL and blocks direct private/internal hosts, but does not re-validate the final destination after HTTP ...
CVE-2026-42298
CVE-2026-42298 affects Postiz (AI social media scheduling tool). The issue arises in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml), where an unauthenticated user can cause arbitrary code execution during Docker image build by submitting a fork with a malic...
CVE-2026-34576
Postiz (AI social media scheduling tool) has a SSRF vulnerability in the POST /public/v1/upload-from-url endpoint prior to version 2.21.3. An authenticated API user can supply a URL, which is fetched server-side via axios.get() without SSRF protections; only file-extension validation exists (e.g....
CVE-2026-34577
Postiz (AI social media scheduling) before version 2.21.3 was vulnerable to an unauthenticated SSRF via GET /public/stream. The endpoint proxies a user-supplied url parameter and only validates url.endsWith('mp4'), which is trivially bypassed by appending .mp4 in the parameter or URL fragment, al...
CVE-2026-34590
Postiz (AI social media scheduling tool) contains a vulnerability in the POST /webhooks/ endpoint prior to v2.21.4, where WebhooksDto validates the url with only @IsUrl() (format check) and lacks @IsSafeWebhookUrl, allowing blind SSRF because the orchestrator fetches the stored webhook URL withou...