Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request.
AnalysisAI
Server-side request forgery in SpringBlade v4.8.0 allows authenticated network attackers to scan internal resources by sending crafted GET requests to the /ureport/datasource/testConnection endpoint, enabling reconnaissance of non-routable or restricted-access network segments. The vulnerability affects confidentiality but requires valid authentication credentials to exploit.
Technical ContextAI
SpringBlade is a Java-based rapid application development framework. The vulnerability resides in the UReport datasource testing functionality, specifically the /ureport/datasource/testConnection endpoint which accepts user-supplied parameters in GET requests without proper validation of destination URLs. The endpoint likely constructs HTTP requests to test datasource connectivity, but fails to restrict requests to external or sensitive internal network ranges (CWE-918: Server-Side Request Forgery). This allows an authenticated user to enumerate internal infrastructure by forcing the server to initiate connections to arbitrary hosts and interpret the response.
RemediationAI
Apply a patched version of SpringBlade released after v4.8.0 if available from the vendor repository (https://github.com/chillzhuang/SpringBlade). If no patch is released, implement URL validation on the /ureport/datasource/testConnection endpoint to reject requests targeting internal IP ranges (RFC 1918 private ranges 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback addresses (127.0.0.0/8), and link-local ranges (169.254.0.0/16). Disable or restrict access to the UReport datasource testing feature to administrative users only, rather than all authenticated users. Monitor outbound HTTP/HTTPS connections from the SpringBlade application server for unexpected destinations. Configure network segmentation to limit the application's ability to reach sensitive internal services such as cloud metadata endpoints, internal databases, or management interfaces.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26399