CVE-2026-32133 in 2FAuth情報

要約

〜によって MITRE • 2026年03月12日

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. The image parameter in OTP URL is not properly validated for internal / private IP addresses before making HTTP requests. While the previous fix added response validation to ensure only valid images are stored but HTTP request is still made to arbitrary URLs before this validation occurs. This vulnerability is fixed in 6.1.0.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

GitHub M

予約する

2026年03月10日

公開

2026年03月12日

モデレーション

承諾済み

エントリ

VDB-350638

CPE

準備完了

CWE

CWE-918 (確認済み)

CVSS

9.1 (NVD)

EPSS

0.00088

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32133
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32133
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32133/

◂ 前概要次 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!