PT-2026-24815 · Git+1 · Plunk

Andrebhu · Published 2026-03-11 · Updated 2026-03-11 · CVE-2026-32096

CVSS v3.1: 9.3 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Plunk versions prior to 0.7.0

Description

Plunk is an open-source email platform built on AWS SES. A Server-Side Request Forgery (SSRF) issue existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request, causing the server to make an arbitrary outbound HTTP GET request to any accessible host. The issue allows attackers to potentially pivot into internal networks through crafted SubscriptionConfirmation requests.

Recommendations

Update to version 0.7.0.
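
For operators reviewing their own SNS webhook handlers, the following added example (not Plunk's code and not the upstream fix) shows one way to refuse a SubscriptionConfirmation whose `SubscribeURL` does not point at an SNS endpoint before any outbound request is made. It assumes genuine SNS endpoints use hosts of the form `sns.<region>.amazonaws.com` over HTTPS; the function names and sample messages are constructed for illustration, and the check complements SNS message signature verification rather than replacing it.

```javascript
// Assumption: real SNS endpoints are https://sns.<region>.amazonaws.com
// (or the .amazonaws.com.cn partition). Anything else is never fetched.
const SNS_HOST = /^sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$/;

// Hypothetical helper: classify a SubscribeURL without contacting it.
function checkSubscribeUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not-https" };
  // Userinfo is a common way to make a URL look like it targets SNS.
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  if (url.port !== "") return { ok: false, reason: "non-default-port" };
  // url.hostname is the parsed, lower-cased host, so the regex sees the
  // host the HTTP client would really connect to.
  if (!SNS_HOST.test(url.hostname)) return { ok: false, reason: "host-not-sns" };
  return { ok: true, reason: "sns-endpoint" };
}

// Hypothetical webhook decision: only confirmations with a valid URL are fetched.
function handleSnsMessage(body) {
  if (!body || body.Type !== "SubscriptionConfirmation") {
    return { fetch: false, reason: "not-confirmation" };
  }
  const verdict = checkSubscribeUrl(String(body.SubscribeURL ?? ""));
  return { fetch: verdict.ok, reason: verdict.reason };
}

// Constructed sample request bodies (not captured traffic).
const samples = [
  { Type: "SubscriptionConfirmation", SubscribeURL: "https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription&Token=EXAMPLE" },
  { Type: "SubscriptionConfirmation", SubscribeURL: "http://internal.example/health" },
  { Type: "SubscriptionConfirmation", SubscribeURL: "https://sns.us-east-1.amazonaws.com.untrusted.example/" },
  { Type: "SubscriptionConfirmation", SubscribeURL: "https://sns.us-east-1.amazonaws.com@internal.example/" },
];

for (const body of samples) {
  const { fetch, reason } = handleSnsMessage(body);
  console.log(`${fetch ? "FETCH " : "REJECT"} ${reason.padEnd(14)} ${body.SubscribeURL}`);
}
```

Rejections logged with their reason also give detection teams a signal that someone is probing the webhook with forged confirmations.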

Exploit

Fix

SSRF


Weakness Enumeration

Related identifiers

CVE-2026-32096
GHSA-XPQG-P8MP-7G44

Affected products

Plunk