CVE-2026-9813 in FlowIntelinformação

Sumário

de MITRE • 28/05/2026

FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specified destination. Due to insufficient validation of the URL scheme and resolved destination address, affected versions may allow requests to loopback, link-local, private, reserved, or other restricted network resources, potentially enabling interaction with internal services or cloud metadata endpoints from the server's network context.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

CIRCL

Reservar

28/05/2026

Divulgação

28/05/2026

Moderação

aceite

Entrada

VDB-366753

CPE

pronto

CWE

CWE-918 (confirmado)

CVSS

6.3 (VulDB)

EPSS

0.00043

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9813
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9813
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9813/

◂ Voltar Visão Geral Próximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!