CVE-2026-2711

Name of the Vulnerable Software and Affected Versions zhutoutoutousan worldquant-miner versions through 1.0.9

Description A server-side request forgery issue exists in zhutoutoutousan worldquant-miner. The issue is related to the manipulation of the make request argument within an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrf proxy.py in the URL Handler component. The attack can be initiated remotely and is considered to have high complexity and difficult exploitability. The exploit has been publicly disclosed.

Recommendations Versions prior to 1.0.9 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.