Is AI / ML affected by CVE-2026-2532?

Organizations using lintsinghua DeepAudit should be aware of moderate risk from CVE-2026-2532, a server-side request forgery vulnerability rated CVSS 6.3. Users could be tricked into performing unintended actions. A patch is available and should be applied during regular vulnerability management.

CVE-2026-2532

MEDIUM

2026-02-16 [email protected]

6.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch Released

Feb 28, 2026 - 00:38 nvd

Patch available

CVE Published

Feb 16, 2026 - 04:15 nvd

MEDIUM 6.3

Description

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.0.4 and 3.1.0 is capable of addressing this issue. The patch is named da853fdd8cbe9d42053b45d83f25708ba29b8b27. It is suggested to upgrade the affected component.

Analysis

Server-side request forgery in Deepaudit versions up to 3.0.3 allows authenticated remote attackers to manipulate the IP Address Handler component in the embedding configuration endpoint, potentially enabling them to perform arbitrary network requests from the affected server. The vulnerability requires valid credentials but no user interaction, affecting the AI/ML product's backend services. …

Remediation

Within 30 days: Identify affected systems running lintsinghua DeepAudit and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +32

POC: 0

CVE-2026-2532 vulnerability details – vuln.today

Back

CVE-2026-2532

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-2532

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code