CVE-2026-3286

Name of the Vulnerable Software and Affected Versions itwanger paicoding versions 1.0.0 through 1.0.3

Description A server-side request forgery condition exists in itwanger paicoding. The issue is related to the manipulation of the img argument within the Save function located in the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the Image Save Endpoint component. This manipulation can lead to server-side request forgery, and the attack can be launched remotely. The exploit is publicly available. The vendor was contacted but did not respond.

Recommendations Update itwanger paicoding to a version newer than 1.0.3.