CVE-2026-54562 in Cloudreve정보

요약

\~에 의해 MITRE • 2026. 07. 15.

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or redirect-to-loopback targets, allowing a non-admin user with remote download permission to fetch internal-only URLs and read the response after it is imported into the user's own files. This issue is fixed in version 4.16.1.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

책임이 있는

GitHub M

예약하다

2026. 06. 15.

모더레이션

수락

항목

VDB-379279

EPSS

0.00000

활동

낮음

출처

Do you know our Splunk app?

Download it now for free!