Which versions of Squidex are affected by CVE-2026-41170?

Squidex versions prior to 7.23.0 contain a server-side request forgery vulnerability in the backup restoration endpoint that allows authenticated administrators to probe internal network services and…. A patch is available.

How to fix or mitigate CVE-2026-41170?

Within 24 hours: Identify all Squidex instances and document current versions. Within 7 days: Upgrade all affected Squidex deployments to version 7.23.0 or later; conduct access review of admin accounts with backup restoration privileges. Within 30 days: Implement network segmentation to restrict application-layer HTTP client access to internal services; deploy egress filtering rules to prevent metadata service access from Squidex servers.

Squidex CVE-2026-41170

Q: What is the CVSS score of CVE-2026-41170?

CVE-2026-41170 has a CVSS 4.0 base score of 7.2 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25102 HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-04-22 GitHub_M

SSRF Squidex

7.2

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.2 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Patch released

Apr 24, 2026 - 14:45 nvd

Patch available

Re-analysis Queued

Apr 23, 2026 - 16:27 vuln.today

cvss_changed

Analysis Generated

Apr 23, 2026 - 06:55 vuln.today

Patch available

Apr 22, 2026 - 23:02 EUVD

CVSS changed

Apr 22, 2026 - 22:22 NVD

7.2 (HIGH)

EUVD ID Assigned

Apr 22, 2026 - 21:46 euvd

EUVD-2026-25102

Analysis Generated

Apr 22, 2026 - 21:46 vuln.today

CVE Published

Apr 22, 2026 - 21:13 nvd

HIGH 7.2

DescriptionGitHub Advisory

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient without any SSRF protection. A malicious or compromised admin can use this endpoint to probe internal network services, access cloud metadata endpoints, or perform internal reconnaissance. The vulnerability is authenticated (Admin-only) but highly impactful, allowing potential access to sensitive internal resources. Version 7.23.0 contains a fix.

AnalysisAI

Server-Side Request Forgery in Squidex's backup restoration endpoint allows authenticated administrators to probe internal network services and access cloud metadata endpoints. The RestoreController.PostRestoreJob endpoint accepts arbitrary URLs without SSRF protection, enabling internal reconnaissance through the application's HTTP client. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Obtain admin credentials

Delivery

Authenticate to Squidex CMS

Exploit

Access backup restoration endpoint

Install

Submit malicious URL targeting internal service

Server proxies request without validation

Execute

Extract sensitive data from response

Impact

Pivot to compromised internal resources