ThemeGoods PhotoMe CVE-2026-24381
MEDIUMSeverity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.
AnalysisAI
ThemeGoods PhotoMe versions below 5.7.2 contain a server-side request forgery vulnerability that allows unauthenticated attackers to perform arbitrary HTTP requests on behalf of the affected server. The vulnerability requires user interaction to exploit and can lead to information disclosure or unintended modifications on the target system. No patch is currently available.
Technical ContextAI
Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Affects ThemeGoods PhotoMe photome. Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.
Affected ProductsAI
Product: ThemeGoods PhotoMe photome.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today