Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Authenticated remote SSRF (PR:L, AV:N, AC:L) with scope change to internal services and high confidentiality via media-pool exfiltration; no integrity or availability impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Garlic-Hub manages digital signage network - devices, content, and playlists - from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning, service fingerprinting, and retrieval of internal HTTP responses which are stored in the publicly accessible media pool. This issue has been patched in version 1.1.
AnalysisAI
Server-side request forgery in Garlic-Hub digital signage manager prior to version 1.1 allows authenticated users to coerce the server into issuing arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. Responses are stored in the publicly accessible media pool, enabling internal port scanning, service fingerprinting, and exfiltration of internal HTTP responses. No public exploit identified at time of analysis, but the upstream commit (076b6d7) and GHSA-x24v-76hr-989r advisory disclose the patched validator logic.
Technical ContextAI
Garlic-Hub is a self-hosted PHP application (cpe:2.3:a:garlic-signage:garlic-hub) for managing digital signage networks, content, and playlists. The vulnerability is a textbook CWE-918 Server-Side Request Forgery in the Mediapool UploadService: uploadExternalMedia() passed a user-supplied URL directly into a Guzzle HTTP client (head() and request('GET')) without validating the resolved destination. Because the fetched payload is written to the media pool, which is web-accessible, the SSRF doubles as a read primitive against internal HTTP endpoints. The patch introduces a new SsrfValidator class that parses the URL, restricts the scheme to http/https, resolves the hostname with gethostbyname(), rejects RFC1918/reserved ranges via FILTER_FLAG_NO_PRIV_RANGE|FILTER_FLAG_NO_RES_RANGE, explicitly blocks 169.254.0.0/16 link-local (AWS/GCP metadata), and pins the connection to the validated IP using CURLOPT_RESOLVE to prevent DNS rebinding.
RemediationAI
Vendor-released patch: upgrade Garlic-Hub to version 1.1 or later, which introduces the SsrfValidator class enforcing scheme allowlisting, private/reserved/link-local IP blocking, and CURLOPT_RESOLVE pinning to defeat DNS rebinding (commit 076b6d70a43d9641c35cbd8042353b473e3241f5). If immediate upgrade is not possible, restrict network egress from the Garlic-Hub server to only the public CDNs and upstream content sources actually required for external media imports - explicitly block outbound access to RFC1918 ranges, 169.254.169.254 cloud metadata endpoints, and localhost - accepting that legitimate intranet content imports will break. As an additional compensating control, audit and reduce the number of authenticated user accounts able to invoke the uploadFromUrl endpoint, and review the media pool for any unexpected files that may represent already-captured internal responses. Refer to https://github.com/garlic-signage/garlic-hub/security/advisories/GHSA-x24v-76hr-989r for vendor guidance.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36288