Skip to main content

Activepieces

1 CVEs product

Monthly

CVE-2026-12813 LOW POC Monitor

Server-side request forgery in Activepieces through version 0.83.0 enables authenticated remote attackers to coerce the server into issuing arbitrary HTTP requests to attacker-controlled destinations via the `handleUrlFile` function in the File URL Handler component. The vulnerability spans the entire documented release history from 0.1 to 0.83.0, and a public exploit write-up is available on GitHub, materially lowering the exploitation barrier. The vendor did not respond to responsible disclosure, meaning no patch has been released at time of analysis and no official remediation guidance exists.

SSRF Activepieces
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
EPSS 0% CVSS 2.1
LOW POC Monitor

Server-side request forgery in Activepieces through version 0.83.0 enables authenticated remote attackers to coerce the server into issuing arbitrary HTTP requests to attacker-controlled destinations via the `handleUrlFile` function in the File URL Handler component. The vulnerability spans the entire documented release history from 0.1 to 0.83.0, and a public exploit write-up is available on GitHub, materially lowering the exploitation barrier. The vendor did not respond to responsible disclosure, meaning no patch has been released at time of analysis and no official remediation guidance exists.

SSRF Activepieces
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy