Skip to main content

TLS CVE-2026-31959

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-03-11 security-advisories@github.com GHSA-7q3q-5px6-4c5p
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:07 vuln.today
CVE Published
Mar 11, 2026 - 20:16 nvd
MEDIUM 5.3

DescriptionGitHub Advisory

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS certificate validation; however, environments with TLS-intercepting proxies (common in corporate networks), compromised certificate authorities, or other trust boundary violations are at risk. When retrieving submission logs, Quill fetches a URL provided in the API response without validating that the scheme is https or that the host does not point to a local or multicast IP address. An attacker who can tamper with the response can supply an arbitrary URL, causing the Quill client to issue HTTP or HTTPS requests to attacker-controlled or internal network destinations. This could lead to exfiltration of sensitive data such as cloud provider credentials or internal service responses. Both the Quill CLI and library are affected when used to retrieve notarization submission logs. This vulnerability is fixed in 0.7.1.

AnalysisAI

Quill before v0.7.1 contains a server-side request forgery vulnerability in its Apple notarization log retrieval functionality that fails to validate URL schemes and destination hosts. Exploitation requires an attacker to intercept or modify API responses, making it primarily a threat in environments with TLS-intercepting proxies, compromised certificate authorities, or other trust boundary violations. An attacker could redirect notarization requests to internal or multicast addresses, potentially exposing sensitive information or accessing restricted resources.

Technical ContextAI

Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS certificate validation; however, environments with TLS-intercepting proxies (common in corpo

Affected ProductsAI

Fixed in: 0

RemediationAI

Fixed in version 0.7.1..

More in TLS

View all
CVE-2026-27180 CRITICAL POC
9.8 Feb 18

MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromis

CVE-2026-27944 CRITICAL POC
9.8 Mar 05

Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available.

CVE-2026-27590 CRITICAL POC
9.8 Feb 24

FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to

CVE-2026-27586 CRITICAL POC
9.1 Feb 24

TLS error swallowing in Caddy web server before 2.11.1 allows bypassing client certificate authentication. Errors in Cli

CVE-2026-27588 CRITICAL POC
9.1 Feb 24

Host header case sensitivity bypass in Caddy before 2.11.1. Virtual host routing can be bypassed by using alternate casi

CVE-2026-27587 CRITICAL POC
9.1 Feb 24

Case sensitivity bypass in Caddy web server path matching before 2.11.1. HTTP path matchers can be bypassed using altern

CVE-2026-25160 CRITICAL POC
9.1 Feb 04

Alist file manager has an improper certificate validation vulnerability allowing MITM attacks that could compromise file

CVE-2026-30851 HIGH POC
8.1 Mar 07

Caddy versions 2.10.0 through 2.11.1 fail to strip client-supplied headers in the forward_auth copy_headers directive, e

CVE-2022-40620 HIGH POC
7.7 Jan 28

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS ce

CVE-2026-30852 HIGH POC
7.5 Mar 07

Caddy versions 2.7.5 through 2.11.1 contain a template injection vulnerability in the vars_regexp matcher that allows re

CVE-2026-25961 HIGH POC
7.5 Feb 09

SumatraPDF versions 3.5.0 through 3.5.2 fail to validate TLS certificates during software updates and execute installers

CVE-2025-68133 HIGH POC
7.4 Jan 21

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's

Vendor StatusVendor

SUSE

Severity: Medium

Share

CVE-2026-31959 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy