CVE-2026-33126

Name of the Vulnerable Software and Affected Versions Frigate versions prior to 0.16.3

Description Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. The /ffprobe API endpoint accepts arbitrary user-controlled URLs without proper validation, which allows for Server-Side Request Forgery (SSRF) attacks. An attacker can leverage the Frigate server to make HTTP requests to internal network resources, cloud metadata services, or perform port scanning. The vulnerable parameter is the URL provided to the /ffprobe endpoint.

Recommendations Update to version 0.16.3 or later.