Submit #748219: mindsdb v25.14.1 SSRFinfo

Title	mindsdb v25.14.1 SSRF
Description	A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload functionality of MindsDB Editor. Due to improper URL validation, an attacker can bypass blacklist restrictions and trigger arbitrary internal network requests.
Source	⚠️ https://github.com/mindsdb/mindsdb/issues/12163
User	fushuling (UID 45488)
Submission	01/28/2026 13:55 (3 months ago)
Moderation	02/15/2026 10:04 (18 days later)
Status	Accepted
VulDB entry	346119 [MindsDB up to 25.14.1 File Upload security.py clear_filename server-side request forgery]
Points	15

Do you want to use VulDB in your project?

Use the official API to access entries easily!