CVE-2026-3961

Name of the Vulnerable Software and Affected Versions zyddnys manga-image-translator versions through beta-0.3

Description A server-side request forgery condition exists in zyddnys manga-image-translator. The issue is located in the to pil image function within the request extraction.py file of the Translate Endpoints component. This manipulation can lead to server-side request forgery, and the attack can be initiated remotely. The exploit has been publicly disclosed. The project maintainers were notified of the issue but have not yet responded.

Recommendations Versions prior to beta-0.3 should be used. As a temporary workaround, consider restricting access to the to pil image() function until a patch is available.