Fulcio

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-22772 MEDIUM POC PATCH This Month

Fulcio versions prior to 1.8.5 allow unauthenticated attackers to bypass MetaIssuer URL validation through unanchored regex patterns, enabling blind SSRF attacks against internal services. Although the vulnerability is limited to read-only GET requests with no response exfiltration, attackers can probe internal networks to discover active services and infrastructure. Public exploit code exists for this medium-severity issue, and a patch is available in version 1.8.5.

SSRF Fulcio Redhat Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-66506 HIGH PATCH This Week

A security vulnerability in Fulcio (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Information Disclosure Ubuntu Debian Fulcio Redhat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22772
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Fulcio versions prior to 1.8.5 allow unauthenticated attackers to bypass MetaIssuer URL validation through unanchored regex patterns, enabling blind SSRF attacks against internal services. Although the vulnerability is limited to read-only GET requests with no response exfiltration, attackers can probe internal networks to discover active services and infrastructure. Public exploit code exists for this medium-severity issue, and a patch is available in version 1.8.5.

SSRF Fulcio Redhat +1
NVD GitHub
CVE-2025-66506
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A security vulnerability in Fulcio (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Information Disclosure Ubuntu Debian +3
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy