What is the CVSS score of CVE-2026-25991?

CVE-2026-25991 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Recipes are affected by CVE-2026-25991?

Tandoor Recipes versions prior to 2.5.1 contain a blind Server-Side Request Forgery vulnerability that could allow attackers to exploit the recipe import feature to access internal systems and…. A patch is available.

Is there a public PoC exploit available for CVE-2026-25991?

Yes, a public proof-of-concept exploit is available for CVE-2026-25991. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-25991?

Within 24 hours: Identify all instances of Tandoor Recipes in production and verify current versions. Within 7 days: Apply patch to version 2.5.1 or later across all affected systems, or disable the Cookmate recipe import feature until patching is complete. Within 30 days: Conduct security audit of internal systems that could have been accessed via SSRF and review access logs for suspicious activity.

Recipes CVE-2026-25991

HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-02-13 security-advisories@github.com

SSRF Recipes

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 17, 2026 - 16:10 vuln.today

Public exploit code

Patch released

Feb 17, 2026 - 16:10 nvd

Patch available

CVE Published

Feb 13, 2026 - 19:17 nvd

HIGH 7.7

DescriptionNVD

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL after following HTTP redirects, allowing any authenticated user (including standard users without administrative privileges) to force the server to connect to arbitrary internal or external resources. The vulnerability lies in cookbook/integration/cookmate.py, within the Cookmate integration class. This vulnerability can be leveraged to scan internal network ports, access cloud instance metadata (e.g., AWS/GCP Metadata Service), or disclose the server's real IP address. This vulnerability is fixed in 2.5.1.

AnalysisAI

Tandoor Recipes prior to 2.5.1 contains a blind server-side request forgery vulnerability in the Cookmate recipe import feature that allows authenticated users to bypass URL validation after HTTP redirects, enabling attacks against internal networks and cloud metadata services. An attacker with standard user privileges can leverage this flaw to scan internal ports, access sensitive metadata, or discover the server's real IP address. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate as standard Tandoor user

Delivery

Access Cookmate recipe import feature

Exploit

Provide URL with HTTP redirect

Execution

Server follows redirect to internal resource

Impact

Exfiltrate sensitive data from internal network

Access

Authenticate as standard Tandoor user

Delivery

Access Cookmate recipe import feature

Exploit

Provide URL with HTTP redirect

Execution

Server follows redirect to internal resource

Impact

Exfiltrate sensitive data from internal network

Vulnerability AssessmentAI

Exploitation	Authenticated user account required (any privilege level). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.7 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker (requires authentication) could exploit this vulnerability to compromise the affected system.
Remediation	A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all instances of Tandoor Recipes in production and verify current versions. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-25991 vulnerability details – vuln.today

Back

Recipes CVE-2026-25991

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code