Skip to main content

Macro Plantuml

1 CVEs product

Monthly

CVE-2026-42140 Maven MEDIUM PATCH GHSA This Month

Server-Side Request Forgery (SSRF) in PlantUML Macro for XWiki prior to version 2.4.1 allows authenticated users with UI interaction to specify arbitrary PlantUML servers via the server parameter without validation. An attacker can redirect the XWiki server to connect to internal IP addresses or malicious external URLs, enabling reconnaissance of internal infrastructure or attacks on internal services. The vulnerability requires authenticated access and user interaction but operates across scope boundaries (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C). Vendor-released patch available in version 2.4.1.

SSRF Macro Plantuml
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) in PlantUML Macro for XWiki prior to version 2.4.1 allows authenticated users with UI interaction to specify arbitrary PlantUML servers via the server parameter without validation. An attacker can redirect the XWiki server to connect to internal IP addresses or malicious external URLs, enabling reconnaissance of internal infrastructure or attacks on internal services. The vulnerability requires authenticated access and user interaction but operates across scope boundaries (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C). Vendor-released patch available in version 2.4.1.

SSRF Macro Plantuml
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy