CVE-2026-4907

Name of the Vulnerable Software and Affected Versions Page-Replica Page Replica versions prior to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0

Description A server-side request forgery (SSRF) issue exists in the sitemap.fetch function within the /sitemap file of the Endpoint component. Manipulation of the url argument can lead to server-side request forgery. The attack can be carried out remotely, and a public exploit is available. The product utilizes a rolling release strategy, making specific version details for affected or updated releases unavailable. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Versions prior to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.