PT-2026-22060 · Unknown · Terriajs-Server

Peter Hassall · Published 2026-02-26 · Updated 2026-03-04 · CVE-2026-27818

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
TerriaJS-Server versions prior to 4.0.3

Description
A validation flaw permits an attacker to proxy domains not explicitly listed in the proxyableDomains configuration. The validation process only verifies if a hostname ends with an allowed domain, which allows malicious domains to be proxied through the server. For example, if example.com is in proxyableDomains, maliciousexample.com could also be proxied. This bypasses proxy restrictions.

Recommendations
Upgrade to version 4.0.3 to resolve the issue.
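
The suffix-only check described above, next to a label-boundary check, as an added example (not TerriaJS-Server's code and not the project's actual fix). The function names and the sample allowlist are hypothetical, and it assumes subdomains of a listed domain are meant to be proxyable.

```javascript
// Constructed allowlist for illustration; real values come from the
// server's proxyableDomains setting.
const proxyableDomains = ['example.com'];

// Flawed check as the advisory describes it: a bare suffix comparison.
function isAllowedSuffixOnly(hostname, allowed) {
  const host = hostname.toLowerCase();
  return allowed.some((d) => host.endsWith(d.toLowerCase()));
}

// Hardened check: exact match, or a match on a label boundary
// (the hostname ends with ".example.com").
function isAllowedOnLabelBoundary(hostname, allowed) {
  // Normalise case and drop a single trailing dot (fully-qualified form).
  const host = hostname.toLowerCase().replace(/\.$/, '');
  return allowed.some((d) => {
    const domain = d.toLowerCase().replace(/^\.+|\.$/g, '');
    return domain !== '' && (host === domain || host.endsWith('.' + domain));
  });
}

// Parse the target first so only the hostname is compared; port, path
// and query cannot influence the decision.
function checkTarget(url, allowed, check) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // unparseable targets are rejected
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return false;
  return check(parsed.hostname, allowed);
}

// Constructed sample targets: two legitimate, one from the advisory text.
const samples = [
  'https://example.com/data.json',
  'https://maps.example.com/wms',
  'https://maliciousexample.com/x',
];
for (const url of samples) {
  console.log(url,
    '| suffix-only:', checkTarget(url, proxyableDomains, isAllowedSuffixOnly),
    '| label-boundary:', checkTarget(url, proxyableDomains, isAllowedOnLabelBoundary));
}
```

The same sample list works as a regression test when confirming that an upgraded deployment rejects the look-alike host.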


Weakness Enumeration

Related Identifiers

CVE-2026-27818
GHSA-W789-49FC-V8HR

Affected Products

Terriajs-Server