ThemeGoods Grand Blog CVE-2026-24961
MEDIUMSeverity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery.This issue affects Grand Blog: from n/a through < 3.1.5.
AnalysisAI
ThemeGoods Grand Blog versions prior to 3.1.5 contain a server-side request forgery vulnerability that allows unauthenticated remote attackers to make arbitrary HTTP requests from the affected server. The vulnerability enables attackers to access internal resources or interact with backend services on behalf of the server, potentially leading to information disclosure or lateral movement within the network. No patch is currently available for this issue.
Technical ContextAI
Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Affects ThemeGoods Grand Blog grandblog. Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery.This issue affects Grand Blog: from n/a through < 3.1.5.
Affected ProductsAI
Product: ThemeGoods Grand Blog grandblog.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today