Skip to main content

Huly Platform

2 CVEs product

Monthly

CVE-2026-5623 LOW Monitor

Server-side request forgery in hcengineering Huly Platform 0.7.382 allows authenticated remote attackers to make arbitrary HTTP requests from the affected server via manipulation of the Import Endpoint in server/front/src/index.ts, potentially enabling access to internal resources, metadata disclosure, or lateral movement within the infrastructure. Publicly available exploit code exists, and the vendor has not responded to disclosure attempts.

SSRF Huly Platform
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5622 LOW Monitor

JWT token handling in hcengineering Huly Platform 0.7.382 uses hard-coded cryptographic keys in the token.ts component, allowing remote attackers to forge or manipulate authentication tokens with high attack complexity. The vulnerability affects confidentiality and integrity of token-based authentication but requires significant technical effort to exploit, reflected in a low CVSS score (3.7) and high attack complexity rating. No active exploitation has been confirmed, and the vendor has not responded to disclosure attempts.

Information Disclosure Huly Platform
NVD VulDB
CVSS 4.0
2.9
EPSS
0.0%
EPSS 0% CVSS 2.1
LOW Monitor

Server-side request forgery in hcengineering Huly Platform 0.7.382 allows authenticated remote attackers to make arbitrary HTTP requests from the affected server via manipulation of the Import Endpoint in server/front/src/index.ts, potentially enabling access to internal resources, metadata disclosure, or lateral movement within the infrastructure. Publicly available exploit code exists, and the vendor has not responded to disclosure attempts.

SSRF Huly Platform
NVD VulDB
EPSS 0% CVSS 2.9
LOW Monitor

JWT token handling in hcengineering Huly Platform 0.7.382 uses hard-coded cryptographic keys in the token.ts component, allowing remote attackers to forge or manipulate authentication tokens with high attack complexity. The vulnerability affects confidentiality and integrity of token-based authentication but requires significant technical effort to exploit, reflected in a low CVSS score (3.7) and high attack complexity rating. No active exploitation has been confirmed, and the vendor has not responded to disclosure attempts.

Information Disclosure Huly Platform
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy