Cskefu

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-2556 MEDIUM POC This Month

Server-side request forgery in Cskefu up to version 8.0.1 allows authenticated remote attackers to manipulate the URL parameter in the MediaController endpoint to perform arbitrary HTTP requests from the affected server. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early notification. The attack requires valid authentication credentials but can be executed remotely with low complexity.

Java SSRF Cskefu

NVD VulDB

CVSS 3.1

6.3

EPSS

0.0%

CVE-2026-2556

EPSS 0% CVSS 6.3

MEDIUM POC This Month

Server-side request forgery in Cskefu up to version 8.0.1 allows authenticated remote attackers to manipulate the URL parameter in the MediaController endpoint to perform arbitrary HTTP requests from the affected server. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early notification. The attack requires valid authentication credentials but can be executed remotely with low complexity.

Java SSRF Cskefu

NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy