CVE-2026-3189

CVSS v3.1

3.1

Low

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions feiyuchuixue sz-boot-parent versions through 1.3.2-beta

Description A weakness exists in feiyuchuixue sz-boot-parent up to version 1.3.2-beta. This issue affects unknown code within the /api/admin/common/files/download file. Manipulation of the url argument can lead to server-side request forgery (SSRF). The attack can be executed remotely and is considered highly complex with difficult exploitability. The developers addressed this by adding a URL protocol whitelist validation to the file download interface, allowing only 'http' and 'https' protocols.

Recommendations Upgrade to version 1.3.3-beta to resolve this vulnerability.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-3189

Affected Products

Sz-Boot-Parent

CVE-2026-3189

Weakness Enumeration

Related Identifiers

Affected Products

References · 11