Squidex CVE-2026-41170

EUVD-2026-25102 | HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-22, GitHub_M
CVSS 4.0 base score: 7.2

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline (4 events)

Apr 23, 2026 16:27 (vuln.today): Re-analysis queued (trigger: cvss_changed)
Apr 23, 2026 06:55 (vuln.today): Analysis generated
Apr 22, 2026 23:02 (EUVD): Patch available
Apr 22, 2026 22:22 (NVD): CVSS changed to 7.2 (HIGH)

Description (NVD)

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient without any SSRF protection. A malicious or compromised admin can use this endpoint to probe internal network services, access cloud metadata endpoints, or perform internal reconnaissance. The vulnerability is authenticated (Admin-only) but highly impactful, allowing potential access to sensitive internal resources. Version 7.23.0 contains a fix.
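As an added, defender-side example (this is not Squidex's code and not the fix shipped in 7.23.0, which this page does not describe): one way to vet an admin-supplied backup URL before it is handed to an HttpClient, written in C# for .NET 6 or later; the class and method names are hypothetical.

```csharp
// Added example, not Squidex's code: vet an admin-supplied backup URL before
// the "Backup" HttpClient fetches it. Assumes .NET 6+; names are hypothetical.
using System;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.Threading.Tasks;

public static class BackupUrlGuard
{
    // Parses the URL, resolves the host and rejects it if any resolved address
    // is non-public. Returns the vetted addresses so the caller connects to
    // exactly what was checked instead of resolving the name a second time
    // (re-resolving would reopen a DNS-rebinding window).
    public static async Task<IPAddress[]> ResolveSafeAsync(string rawUrl)
    {
        if (!Uri.TryCreate(rawUrl, UriKind.Absolute, out var uri)
            || (uri.Scheme != Uri.UriSchemeHttps && uri.Scheme != Uri.UriSchemeHttp))
            throw new ArgumentException("Only absolute http(s) URLs are allowed.");

        var addresses = await Dns.GetHostAddressesAsync(uri.DnsSafeHost);
        if (addresses.Length == 0 || addresses.Any(IsNonPublic))
            throw new ArgumentException("Backup URL resolves to a non-public address.");

        return addresses;
    }

    // Loopback, link-local (covers the 169.254.169.254 metadata endpoint),
    // RFC 1918, CGNAT (100.64/10), "this network" (0/8) and IPv6 ULA/site-local.
    public static bool IsNonPublic(IPAddress ip)
    {
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();
        if (IPAddress.IsLoopback(ip) || ip.IsIPv6LinkLocal
            || ip.IsIPv6SiteLocal || ip.IsIPv6UniqueLocal)
            return true;
        if (ip.AddressFamily != AddressFamily.InterNetwork)
            return false;

        var b = ip.GetAddressBytes();
        return b[0] == 0
            || b[0] == 10
            || (b[0] == 100 && (b[1] & 0xC0) == 64)
            || (b[0] == 169 && b[1] == 254)
            || (b[0] == 172 && (b[1] & 0xF0) == 16)
            || (b[0] == 192 && b[1] == 168);
    }
}
```

The caller should then download from one of the returned addresses (keeping the original host name for the Host header and TLS SNI) using a handler with AllowAutoRedirect set to false, because a redirect from a vetted public URL would otherwise send the server to an address that was never checked.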

Analysis (AI)

Server-Side Request Forgery in Squidex's backup restoration endpoint allows authenticated administrators to probe internal network services and access cloud metadata endpoints. The RestoreController.PostRestoreJob endpoint accepts arbitrary URLs without SSRF protection, enabling internal reconnaissance through the application's HTTP client. …


Remediation (AI)

Within 24 hours: Identify all Squidex instances and document current versions. Within 7 days: Upgrade all affected Squidex deployments to version 7.23.0 or later; conduct access review of admin accounts with backup restoration privileges. …
