Apache · Fesod-Sheet · CVE-2026-49328
**Name of the Vulnerable Software and Affected Versions**
Apache Fesod (Incubating) fesod-sheet versions prior to 2.0.2-incubating
**Description**
Server-Side Request Forgery (SSRF) in the UrlImageConverter component allows attackers to trigger outbound network requests to internal or restricted resources by providing a malicious image URL. SSRF is a flaw where a server is tricked into making requests to an unintended location.
**Recommendations**
Upgrade to version 2.0.2-incubating.