Flow Core X

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-4215 MEDIUM POC This Month

Server-side request forgery in FlowCI flow-core-x up to version 1.23.01 allows authenticated remote attackers to conduct SSRF attacks through the SMTP Host Handler configuration function. Public exploit code exists for this vulnerability and the vendor has not released a patch. An attacker with valid credentials can manipulate the system to make arbitrary outbound requests from the affected server.

Java SSRF Flow Core X

NVD VulDB GitHub

CVSS 3.1

6.3

EPSS

0.0%

CVE-2026-4215

EPSS 0% CVSS 6.3

MEDIUM POC This Month

Server-side request forgery in FlowCI flow-core-x up to version 1.23.01 allows authenticated remote attackers to conduct SSRF attacks through the SMTP Host Handler configuration function. Public exploit code exists for this vulnerability and the vendor has not released a patch. An attacker with valid credentials can manipulate the system to make arbitrary outbound requests from the affected server.

Java SSRF Flow Core X

NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy