Microsoft CVE-2026-32186

EUVD-2026-18812 · CRITICAL
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-03 · microsoft · GHSA-2vw7-mrf4-v3mh
CVSS 3.1 (NVD): 10.0

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned (euvd, Apr 03, 2026 - 18:15): EUVD-2026-18812
Analysis Generated (vuln.today, Apr 03, 2026 - 18:15)
Patch released (nvd, Apr 03, 2026 - 18:15): Patch available
CVE Published (nvd, Apr 03, 2026 - 17:22): CRITICAL 10.0

Description (CVE.org)

Microsoft Bing Elevation of Privilege Vulnerability

Analysis (AI)

Microsoft Bing contains a server-side request forgery (SSRF) vulnerability that allows elevation of privilege through improperly validated requests. The flaw affects Microsoft Bing across all versions and enables attackers to bypass access controls and escalate privileges by causing the application to make unintended requests to internal or external resources. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Send crafted request to Bing service
Delivery: Bypass authentication validation
Exploit: Execute server-side request forgery
Execution: Access internal resources with elevated privileges
Impact: Exfiltrate sensitive data

Vulnerability Assessment (AI)

Exploitation: No special conditions — remote unauthenticated exploitation against default Microsoft Bing installations. …

Risk Assessment: Without a CVSS vector or score provided, precise quantification of attack vector, complexity, and privilege requirements is unavailable. …

Exploit Scenario: An attacker could craft a malicious request to Microsoft Bing that exploits the SSRF vulnerability to make the Bing service perform unintended HTTP requests to internal or external resources on the attacker's behalf. By manipulating request parameters, the attacker could bypass access controls and escalate their privileges within the application, potentially gaining access to privileged features or data. …

Remediation: Apply the vendor-released patch from Microsoft immediately. …

CVE-2026-32186 vulnerability details – vuln.today
