Skip to main content

Apiflow

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-4528 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability exists in the validateUrlSecurity function within trueleaf ApiFlow version 0.9.7's URL validation handler. This flaw allows unauthenticated remote attackers to manipulate server-side requests to access internal resources or perform actions on behalf of the server. A public proof-of-concept exploit has been disclosed and is available, significantly lowering the barrier to exploitation.

SSRF Apiflow
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-4528
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability exists in the validateUrlSecurity function within trueleaf ApiFlow version 0.9.7's URL validation handler. This flaw allows unauthenticated remote attackers to manipulate server-side requests to access internal resources or perform actions on behalf of the server. A public proof-of-concept exploit has been disclosed and is available, significantly lowering the barrier to exploitation.

SSRF Apiflow
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy