PT-2026-60519 · Stoatchat · Stoatchat

·

CVE-2026-63088

·

Publicado

2026-07-16

·

Atualizado

2026-07-16

CVSS v3.1

8.6

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url is blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses.

Exploit

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-63088

Produtos afetados

Stoatchat