CVE-2026-3958

Name of the Vulnerable Software and Affected Versions Woahai321 ListSync versions up to 0.6.6

Description A server-side request forgery issue exists in Woahai321 ListSync. The problem affects the requests.post function within the list-sync-main/api server.py file, specifically in the JSON Handler component. Manipulation of this function can lead to server-side request forgery, and the attack can be carried out remotely. The exploit has been publicly disclosed. The project maintainers were informed of the issue but have not yet responded.

Recommendations Versions up to 0.6.6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.