
Kan CVE-2026-32255

Severity: HIGH (CVSS 3.1 base score 8.6)
Weakness: Server-Side Request Forgery (SSRF) (CWE-918)
Published: 2026-03-18 (GitHub_M)

CVSS Vector (source: NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline (2 events)

Analysis Generated: Mar 18, 2026 - 23:30 (vuln.today)
CVE Published: Mar 18, 2026 - 23:11 (nvd)

Description (source: NVD)

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter, passes it directly to fetch() server-side, and returns the full response body. An unauthenticated attacker can use this to make HTTP requests from the server to internal services, cloud metadata endpoints, or private network resources. This issue has been fixed in version 0.5.5. To work around this issue, block or restrict access to /api/download/attatchment at the reverse proxy level (nginx, Cloudflare, etc.).
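The description above names the missing control: a URL taken from the query string is handed to fetch() with no check on scheme or destination. The following is an added example, not Kan's code and not the 0.5.5 fix, showing the validation a server-side download proxy needs before it fetches user-supplied URLs. The address ranges, the hostname files.example.com, the allowlist and the sample URLs are all constructed for illustration.

```javascript
// Added example, not Kan's code: the URL validation a server-side
// attachment-download proxy needs before it calls fetch() on user input.
// Ranges, hostnames and the allowlist below are constructed for illustration.

// Address ranges a server-side fetch must never reach. The link-local block
// covers the 169.254.169.254 cloud metadata endpoint named in the advisory.
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

const isV4 = (s) => /^\d{1,3}(\.\d{1,3}){3}$/.test(s) && s.split(".").every((o) => Number(o) <= 255);
const isV6 = (s) => s.includes(":") && /^[0-9a-f:.]+$/i.test(s);

const v4ToInt = (ip) => ip.split(".").reduce((acc, o) => (acc << 8) + Number(o), 0) >>> 0;

function inV4Cidr(ip, [base, bits]) {
  const mask = (~0 << (32 - bits)) >>> 0;
  return ((v4ToInt(ip) & mask) >>> 0) === ((v4ToInt(base) & mask) >>> 0);
}

// IPv4-mapped IPv6 (::ffff:a.b.c.d, which URL parsers also serialise as
// ::ffff:hhhh:hhhh) is a common way a blocked IPv4 address slips past a check.
function mappedV4(ip6) {
  const dotted = ip6.match(/^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/);
  if (dotted) return dotted[1];
  const hex = ip6.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (!hex) return null;
  const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
  return `${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`;
}

function isBlockedIp(ip) {
  const lower = ip.toLowerCase();
  if (isV4(lower)) return BLOCKED_V4.some((cidr) => inV4Cidr(lower, cidr));
  if (!isV6(lower)) return false;
  const mapped = mappedV4(lower);
  if (mapped) return isBlockedIp(mapped);
  if (lower === "::1" || lower === "::") return true; // loopback, unspecified
  const first = parseInt(lower.split(":")[0] || "0", 16);
  return (first & 0xffc0) === 0xfe80 || (first & 0xfe00) === 0xfc00; // fe80::/10, fc00::/7
}

// Returns the parsed URL or throws. WHATWG URL parsing normalises decimal,
// octal and hex IPv4 spellings (e.g. http://2130706433) to dotted form, so the
// range check sees the real address. `allowedHosts` is a constructed allowlist.
function validateAttachmentUrl(raw, allowedHosts) {
  let url;
  try { url = new URL(raw); } catch { throw new Error("malformed URL"); }
  if (url.protocol !== "https:" && url.protocol !== "http:") throw new Error(`scheme not allowed: ${url.protocol}`);
  if (url.username || url.password) throw new Error("credentials in URL not allowed");
  const host = url.hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost")) throw new Error("loopback host not allowed");
  if (isBlockedIp(host)) throw new Error(`address not allowed: ${host}`);
  if (allowedHosts && !allowedHosts.includes(host)) throw new Error(`host not on allowlist: ${host}`);
  return url;
}

const isSafeAttachmentUrl = (raw, allowedHosts) => {
  try { validateAttachmentUrl(raw, allowedHosts); return true; } catch { return false; }
};

// Fetch wrapper: validates first, refuses to follow redirects (a redirect
// target would otherwise skip the check) and bounds the wait. fetchImpl is
// injectable so the logic can be exercised without a network.
async function fetchAttachment(raw, allowedHosts, fetchImpl = globalThis.fetch) {
  const url = validateAttachmentUrl(raw, allowedHosts);
  const res = await fetchImpl(url.toString(), { redirect: "manual", signal: AbortSignal.timeout(5000) });
  if (res.status >= 300 && res.status < 400) throw new Error("redirect not followed");
  return res;
}

// Constructed sample inputs: URLs the unvalidated handler would have fetched
// blindly, and the validator's verdict on each.
const SAMPLES = [
  "http://169.254.169.254/latest/meta-data/",
  "http://127.0.0.1:3000/api/internal",
  "http://2130706433/",
  "http://[::ffff:10.0.0.1]/",
  "file:///etc/hostname",
  "https://files.example.com/attachments/report.pdf",
];
for (const s of SAMPLES) console.log(isSafeAttachmentUrl(s, ["files.example.com"]) ? "allow" : "block", s);
```

Two caveats apply to this kind of check. It only inspects the hostname as written, so a hostname that resolves to an internal address (or changes its answer between validation and connection) is not caught; a deployment that cannot use a strict allowlist should resolve the name itself and apply isBlockedIp to every returned address before connecting. And since the endpoint was unauthenticated, input validation alone would still leave an open proxy; the advisory's fix (upgrade to 0.5.5) or its workaround (blocking the path at the reverse proxy) is the primary control, with validation like this as defence in depth.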

Analysis (AI-generated)

Kan, an open-source project management tool, contains a Server-Side Request Forgery (SSRF) vulnerability in its unauthenticated /api/download/attatchment endpoint in versions 0.5.4 and below. Attackers can exploit this to make arbitrary HTTP requests from the server to internal services, cloud metadata endpoints (such as AWS EC2 metadata at 169.254.169.254), or private network resources without any authentication. …


Remediation (AI-generated)

Within 24 hours: Identify all Kan instances in production and verify version numbers; implement network-level access restrictions to the /api/download/attachment endpoint. Within 7 days: Audit cloud metadata services and internal systems for unauthorized access; review logs for exploitation attempts. …



CVE-2026-32255 vulnerability details – vuln.today
