Skip to main content

NewsBlur EUVDEUVD-2026-39524

| CVE-2026-56771 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-25 VulnCheck GHSA-hggv-jxwf-w664
6.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.7 HIGH

Network endpoint requires low-privilege auth; scope changes to subsequent cloud systems where high confidentiality impact arises from IAM credential exposure via metadata service.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 25, 2026 - 19:00 vuln.today
Analysis Generated
Jun 25, 2026 - 19:00 vuln.today

DescriptionCVE.org

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and cloud metadata endpoints, enabling internal network scanning and sensitive data exfiltration.

AnalysisAI

Server-side request forgery in NewsBlur's add_url endpoint allows any authenticated user to direct the server to issue arbitrary HTTP requests to private, loopback, or link-local addresses, including cloud instance metadata services. All NewsBlur deployments prior to version 14.5.0 (CPE: cpe:2.3:a:samuelclay:newsblur) are affected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid authenticated NewsBlur session
Delivery
POST crafted private or link-local URL to /reader/add_url
Exploit
NewsBlur server issues unvalidated outbound HTTP request to internal target
Execution
Server response returned to attacker containing cloud metadata or internal service data
Persist
Extract temporary IAM credentials or internal secrets
Impact
Escalate access to cloud infrastructure or internal systems

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated NewsBlur user account, confirmed by CVSS PR:L. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N) accurately captures the risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers or compromises a NewsBlur user account on a cloud-hosted instance and submits a POST request to /reader/add_url with the url parameter set to http://169.254.169.254/latest/meta-data/iam/security-credentials/. The unpatched server, lacking private-IP validation, fetches this URL and returns the cloud instance's temporary IAM role credentials in the response body. …
Remediation Upgrade NewsBlur to version 14.5.0 or later; this version introduces the utils.url_safety module and replaces all unsafe outbound HTTP calls with validate_public_url() and safe_requests_get() across apps/reader/views.py, apps/rss_feeds/models.py, apps/rss_feeds/icon_importer.py, and apps/rss_feeds/page_importer.py. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39524 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy