Skip to main content

Activepieces CVE-2026-12813

| EUVDEUVD-2026-38199 LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-21 VulDB GHSA-fhpv-gggj-q6pv
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.0 MEDIUM

Network-reachable SSRF requiring authenticated (PR:L) access; scope change (S:C) applies as internal systems outside the vulnerable component can be reached.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 22, 2026 - 06:48 vuln.today
Severity Changed
Jun 21, 2026 - 23:22 NVD
MEDIUM LOW
CVSS changed
Jun 21, 2026 - 23:22 NVD
5.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Server-side request forgery in Activepieces through version 0.83.0 enables authenticated remote attackers to coerce the server into issuing arbitrary HTTP requests to attacker-controlled destinations via the handleUrlFile function in the File URL Handler component. The vulnerability spans the entire documented release history from 0.1 to 0.83.0, and a public exploit write-up is available on GitHub, materially lowering the exploitation barrier. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Activepieces with any valid account
Delivery
Create workflow step invoking File URL Handler
Exploit
Supply crafted internal URL (e.g., cloud IMDS or internal API)
Execution
Server executes handleUrlFile and fetches target URL
Persist
Retrieve server response containing internal data or credentials
Impact
Exfiltrate cloud credentials or map internal network

Vulnerability AssessmentAI

Exploitation The attacker must hold a valid authenticated session on the target Activepieces instance - confirmed by PR:L in the CVSS 4.0 vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 threat score of 2.1 - derived from base metrics AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N with exploit maturity E:P - numerically understates real-world operational risk for a meaningful subset of deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a valid low-privilege Activepieces account - or a credential obtained through phishing or credential stuffing - constructs a workflow step that uses the File URL Handler and supplies a URL such as http://169.254.169.254/latest/meta-data/iam/security-credentials/ (AWS IMDSv1) as the file property value. The Activepieces server fetches the URL server-side and returns the response content, delivering temporary AWS IAM credentials to the attacker. …
Remediation No vendor-released patch has been identified at time of analysis; the vendor did not respond to responsible disclosure and no fixed version has been confirmed. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12813 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy