CVE-2026-49328 – Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

CVE ID :CVE-2026-49328

Published : June 1, 2026, 11:16 a.m. | 1 hour, 16 minutes ago

Description :Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to version 2.0.2-incubating, which fixes this issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9309 – Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection

CVE-2026-9308 – Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

CVE-2026-34193 – GPU DDK – Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr()

CVE-2026-10532 – Logback deserialization whitelist bypass for Proxy objects