CVE-2026-35461

| EUVD-2026-19655 MEDIUM
2026-04-07 GitHub_M
5.0
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Apr 07, 2026 - 15:00 vuln.today
EUVD ID Assigned
Apr 07, 2026 - 15:00 euvd
EUVD-2026-19655
CVE Published
Apr 07, 2026 - 14:28 nvd
MEDIUM 5.0

Tags

SSRF

Description

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs, including localhost, internal network ranges, and cloud provider metadata endpoints, on every document event. This vulnerability is fixed in 26.4.0.

Analysis

Server-Side Request Forgery (SSRF) in Papra document management platform prior to 26.4.0 allows authenticated users to register arbitrary webhook endpoints without URL validation, enabling the server to make HTTP POST requests to localhost, internal networks, and cloud metadata endpoints on document events. Attack requires valid user authentication and knowledge of internal network topology but can exfiltrate sensitive data from restricted network segments.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

25
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +25
POC: 0

Share

CVE-2026-35461 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy