CVE-2026-27730 – esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

CVE ID : CVE-2026-27730

Published : Feb. 25, 2026, 4:23 p.m. | 45 minutes ago

Description : esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.sh’s `/http(s)` fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains. This allows an external requester to make the esm.sh server fetch internal localhost services. As of time of publication, no known patched versions exist.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-27730 – esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-25941 – FreeRDP: vuln_1_15_1 RDPGFX WIRE_TO_SURFACE_2 Out-of-Bounds Read

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-26271 – Buffer Overread in FreeRDP Icon Processing

CVE-2026-25997 – FreeRDP has heap-use-after-free in xf_clipboard_format_equal

CVE-2026-25959 – FreeRDP has heap-use-after-free in xf_cliprdr_provide_data_

CVE-2026-0542 – Remote Code Execution in ServiceNow AI Platform