SkatDesign Ratatouille CVE-2026-28036
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through <= 1.2.6.
AnalysisAI
SkatDesign Ratatouille versions up to 1.2.6 contain a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests from the affected system. An attacker with valid credentials can leverage this flaw to access internal services, retrieve sensitive information, or perform actions on behalf of the server across different security domains. No patch is currently available for this medium-severity vulnerability.
Technical ContextAI
Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Affects SkatDesign Ratatouille ratatouille. Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through <= 1.2.6.
Affected ProductsAI
Product: SkatDesign Ratatouille ratatouille.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today