Skip to main content

kLOsk adloop CVE-2026-15525

| EUVDEUVD-2026-43267 LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-13 VulDB GHSA-cvvx-wcx7-g65m
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.3 MEDIUM

SSRF with PR:L authentication; confidentiality impact only (internal resource access), no direct integrity or availability impact on the vulnerable system.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 13, 2026 - 03:22 NVD
MEDIUM LOW
CVSS changed
Jul 13, 2026 - 03:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 13, 2026 - 03:04 vuln.today

DescriptionCVE.org

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function _validate_urls of the file src/adloop/ads/write.py. Performing a manipulation of the argument final_url results in server-side request forgery. The attack may be initiated remotely. The exploit is now public and may be used. Upgrading to version 0.10.0 is able to resolve this issue. The patch is named 217399723e3a2fb39389e5355d49ed80aaf9ea7c. Upgrading the affected component is advised.

AnalysisAI

Server-side request forgery in kLOsk adloop through version 0.9.0 allows authenticated remote attackers to manipulate the final_url argument passed to the _validate_urls function in src/adloop/ads/write.py, causing the server to issue arbitrary outbound HTTP requests. Internal network services, cloud metadata endpoints, and other non-public resources reachable from the server may be exposed. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege adloop account
Delivery
Submit crafted final_url to ad write endpoint
Exploit
_validate_urls processes unsanitized input
Execution
Server issues outbound request to attacker-chosen destination
Impact
Retrieve response from internal network or metadata service

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated session with at least low-privilege access to the adloop application (PR:L per CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.3 (Medium) is supported by the vector: network-reachable (AV:N), low complexity (AC:L), low-privilege authentication required (PR:L), no user interaction (UI:N), and low impact across confidentiality, integrity, and availability (VC:L/VI:L/VA:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated adloop user submits a crafted ad entry supplying a malicious value for the `final_url` parameter - for example, `http://169.254.169.254/latest/meta-data/` - which passes through the `_validate_urls` function and causes the server to fetch the cloud instance metadata endpoint, returning sensitive credentials or configuration data to the attacker. A public proof-of-concept demonstrating this technique is available via GitHub issue #41 (https://github.com/kLOsk/adloop/issues/41), lowering the skill bar for exploitation.
Remediation Upgrade adloop to version 0.10.0 immediately; this is the vendor-confirmed fix delivered via commit 217399723e3a2fb39389e5355d49ed80aaf9ea7c (https://github.com/kLOsk/adloop/commit/217399723e3a2fb39389e5355d49ed80aaf9ea7c) and tagged as release v0.10.0 (https://github.com/kLOsk/adloop/releases/tag/v0.10.0). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15525 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy