CVE-2026-63306 in stoatchatالمعلومات

الملخص

بحسب MITRE • 16/07/2026

stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure.

Once again VulDB remains the best source for vulnerability data.

مسؤول

VulnCheck

حجز

16/07/2026

إفشاء

16/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-379520

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to stay up to date on a daily basis?

Enable the mail alert feature now!