CVE-2026-4284

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions taoofagi easegen-admin versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433

Description A server-side request forgery (SSRF) issue exists in the downloadFile function within the PPT File Handler component. The issue is caused by manipulation of the url argument. This allows for remote exploitation. The product utilizes a rolling release model, and no specific version details for affected or updated releases are available. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433 should be updated. As a temporary workaround, consider restricting access to the downloadFile function until a suitable update is available.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-4284

Affected Products

Easegen-Admin

CVE-2026-4284

Weakness Enumeration

Related Identifiers

Affected Products

References · 8