CVE-2026-4528

CVSS v2.0

7.5

High

AV:N/AC:L/Au:N/C:P/I:P/A:P

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-4528

Affected Products

Apiflow

CVE-2026-4528

Weakness Enumeration

Related Identifiers

Affected Products

References · 5