Skip to main content

Garlic Hub

1 CVEs product

Monthly

CVE-2026-47170 HIGH PATCH This Week

Server-side request forgery in Garlic-Hub digital signage manager prior to version 1.1 allows authenticated users to coerce the server into issuing arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. Responses are stored in the publicly accessible media pool, enabling internal port scanning, service fingerprinting, and exfiltration of internal HTTP responses. No public exploit identified at time of analysis, but the upstream commit (076b6d7) and GHSA-x24v-76hr-989r advisory disclose the patched validator logic.

SSRF Garlic Hub
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Server-side request forgery in Garlic-Hub digital signage manager prior to version 1.1 allows authenticated users to coerce the server into issuing arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. Responses are stored in the publicly accessible media pool, enabling internal port scanning, service fingerprinting, and exfiltration of internal HTTP responses. No public exploit identified at time of analysis, but the upstream commit (076b6d7) and GHSA-x24v-76hr-989r advisory disclose the patched validator logic.

SSRF Garlic Hub
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy