EUVD-2026-16525
GHSA-5j4w-5v7w-7fvv
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Page-Replica endpoint /sitemap improperly validates the url parameter in the sitemap.fetch function, enabling server-side request forgery (SSRF) attacks by authenticated users. An attacker with login credentials can craft malicious requests to make the vulnerable server fetch arbitrary internal or external resources, potentially exposing sensitive data or facilitating lateral movement. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | The CVSS v3.1 vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) indicates a network-accessible vulnerability requiring low attack complexity and authenticated login (PR:L), with low confidentiality, integrity, and availability impact within the affected system scope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated user (or attacker with stolen credentials) logs into a Page-Replica instance and sends a crafted HTTP POST or GET request to /sitemap with a malicious url parameter-for example, url=http://169.254.169.254/latest/meta-data/ (AWS metadata endpoint) or url=http://internal-db:5432/admin. The vulnerable sitemap.fetch function processes the request without validation, causing the server to make an outbound connection to the specified resource and return or leak the response. … |
| Remediation | No vendor-released patch version has been independently confirmed at the time of analysis; however, users should monitor the Page-Replica repository for commits addressing input validation in the /sitemap endpoint and upgrade to any released versions containing the fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 30 days: Identify affected systems running Page-Replica Page Replica and apply vendor patches as part of regular patch cycle. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today