CVE-2026-27706

Name of the Vulnerable Software and Affected Versions Plane versions prior to 1.2.2

Description A Server-Side Request Forgery (SSRF) flaw exists in the "Add Link" feature of Plane, allowing an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and retrieve the full response body. This can lead to the theft of sensitive data from internal services and cloud metadata endpoints.

Recommendations Update to version 1.2.2 or later.