PT-2026-2303 · Fulcio · Fulcio
Morwn · Published 2026-01-12 · Updated 2026-05-18 · CVE-2026-22772
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Fulcio versions prior to 1.8.5

Description: Fulcio is a certificate authority that issues code signing certificates for an OpenID Connect (OIDC) identity. The metaRegex() function uses unanchored regular expressions, so an issuer URL that merely contains a matching substring can pass MetaIssuer URL validation; an attacker could use this to trigger Server-Side Request Forgery (SSRF) against internal services. The SSRF is limited to GET requests and does not allow data exfiltration, but could be used for blind SSRF probing of an internal network.

Recommendations: Update to Fulcio version 1.8.5 or later.
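The following Go program is an added illustration of the weakness class named in the description; it is not Fulcio's code. The meta-issuer pattern syntax (a "*" standing for one path segment), the function names MetaIssuerRegex, IssuerMatches and IssuerAllowed, and the sample issuer URLs are all assumptions constructed for this example. It shows an unanchored expression accepting a string that only contains the trusted issuer URL as a substring, while the anchored expression combined with URL parsing rejects it.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// MetaIssuerRegex turns a meta-issuer pattern into a regular expression.
// Assumed syntax for this example: literal text, with "*" matching exactly one
// segment (anything except "/"). With anchored=false the expression may match
// anywhere inside the candidate string, which is the weakness class the
// advisory describes; with anchored=true it must match the whole string.
func MetaIssuerRegex(pattern string, anchored bool) *regexp.Regexp {
	parts := strings.Split(pattern, "*")
	for i := range parts {
		parts[i] = regexp.QuoteMeta(parts[i]) // literal text never becomes regex syntax
	}
	expr := strings.Join(parts, `[^/]+`)
	if anchored {
		expr = "^" + expr + "$"
	}
	return regexp.MustCompile(expr) // safe: all user-controlled text was quoted above
}

// IssuerMatches applies only the regular expression, so the two modes can be
// compared side by side.
func IssuerMatches(pattern, issuer string, anchored bool) bool {
	return MetaIssuerRegex(pattern, anchored).MatchString(issuer)
}

// IssuerAllowed is the hardened check: the anchored expression must cover the
// whole string, and the string must also parse as an https URL with a host and
// without embedded credentials. Parsing is defence in depth; the anchoring is
// what closes the substring bypass.
func IssuerAllowed(pattern, issuer string) bool {
	if !IssuerMatches(pattern, issuer, true) {
		return false
	}
	u, err := url.Parse(issuer)
	if err != nil || u.Scheme != "https" || u.Host == "" || u.User != nil {
		return false
	}
	return true
}

func main() {
	// Constructed sample inputs: one legitimate issuer and one string that
	// embeds the trusted issuer inside a URL pointing at a different host.
	pattern := "https://oidc.example.com/*"
	candidates := []string{
		"https://oidc.example.com/tenant-a",
		"https://internal-service.local/redirect?next=https://oidc.example.com/tenant-a",
	}
	for _, c := range candidates {
		fmt.Printf("%-80s unanchored=%-5t anchored=%-5t allowed=%t\n",
			c,
			IssuerMatches(pattern, c, false),
			IssuerMatches(pattern, c, true),
			IssuerAllowed(pattern, c))
	}
}
```

The second candidate passes the unanchored check because the regular expression engine is free to start matching in the middle of the string; anchoring with "^" and "$" forces the trusted prefix to be the actual start of the URL, so the host that would be fetched is the one the pattern names.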

Exploit · Fix · SSRF


Weakness Enumeration

Related Identifiers

CLEANSTART-2026-BD19566
CLEANSTART-2026-EZ47382
CLEANSTART-2026-GK29346
CLEANSTART-2026-HF07497
CLEANSTART-2026-NS33477
CLEANSTART-2026-WB12909
CLEANSTART-2026-WN01990
CVE-2026-22772
GHSA-59JP-PJ84-45MR
GO-2026-4311
OPENSUSE-RU-2026:20161-1
OPENSUSE-SU-2026:10068-1
OPENSUSE-SU-2026:10230-1
OPENSUSE-SU-2026:10235-1
OPENSUSE-SU-2026:20386-1
SUSE-SU-2026:0292-1
SUSE-SU-2026:0592-1
SUSE-SU-2026:0777-1
SUSE-SU-2026:20904-1

Affected Products

Fulcio