CVE-2026-9813 – FlowIntel external reference URL probe allows server-side request forgery

CVE ID :CVE-2026-9813

Published : May 28, 2026, 10:16 a.m. | 15 minutes ago

Description :FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specified destination. Due to insufficient validation of the URL scheme and resolved destination address, affected versions may allow requests to loopback, link-local, private, reserved, or other restricted network resources, potentially enabling interaction with internal services or cloud metadata endpoints from the server’s network context.

Severity: 6.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9828 – Logback deserialization whitelist bypass for java.lang and java.util

CVE-2026-8990 – Authentication Bypass in Kidsview

CVE-2026-8980 – Privilege Escalation

CVE-2026-8979 – Authentication Bypass