Skip to main content

SpringBlade CVE-2026-36764

| EUVDEUVD-2026-26399 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-30 cve@mitre.org
5.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 30, 2026 - 19:30 vuln.today
CVSS changed
Apr 30, 2026 - 18:22 NVD
5.0 (MEDIUM)
EUVD ID Assigned
Apr 30, 2026 - 17:22 euvd
EUVD-2026-26399
Analysis Generated
Apr 30, 2026 - 17:22 vuln.today
CVE Published
Apr 30, 2026 - 17:16 nvd
MEDIUM 5.0

DescriptionCVE.org

A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request.

AnalysisAI

Server-side request forgery in SpringBlade v4.8.0 allows authenticated network attackers to scan internal resources by sending crafted GET requests to the /ureport/datasource/testConnection endpoint, enabling reconnaissance of non-routable or restricted-access network segments. The vulnerability affects confidentiality but requires valid authentication credentials to exploit.

Technical ContextAI

SpringBlade is a Java-based rapid application development framework. The vulnerability resides in the UReport datasource testing functionality, specifically the /ureport/datasource/testConnection endpoint which accepts user-supplied parameters in GET requests without proper validation of destination URLs. The endpoint likely constructs HTTP requests to test datasource connectivity, but fails to restrict requests to external or sensitive internal network ranges (CWE-918: Server-Side Request Forgery). This allows an authenticated user to enumerate internal infrastructure by forcing the server to initiate connections to arbitrary hosts and interpret the response.

RemediationAI

Apply a patched version of SpringBlade released after v4.8.0 if available from the vendor repository (https://github.com/chillzhuang/SpringBlade). If no patch is released, implement URL validation on the /ureport/datasource/testConnection endpoint to reject requests targeting internal IP ranges (RFC 1918 private ranges 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback addresses (127.0.0.0/8), and link-local ranges (169.254.0.0/16). Disable or restrict access to the UReport datasource testing feature to administrative users only, rather than all authenticated users. Monitor outbound HTTP/HTTPS connections from the SpringBlade application server for unexpected destinations. Configure network segmentation to limit the application's ability to reach sensitive internal services such as cloud metadata endpoints, internal databases, or management interfaces.

Share

CVE-2026-36764 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy