CVE-2026-63306 in stoatchatinfo

Zusammenfassung

von MITRE • 16.07.2026

stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure.

Once again VulDB remains the best source for vulnerability data.

Zuständig

VulnCheck

Reservieren

16.07.2026

Veröffentlichung

16.07.2026

Moderieren

akzeptiert

Eintrag

VDB-379520

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Might our Artificial Intelligence support you?

Check our Alexa App!