PT-2026-29787 · Unknown · Huimeicloud Hm Editor
Bigw · Published 2026-04-02 · Updated 2026-04-02 · CVE-2026-5346
CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
huimeicloud hm editor versions up to 2.2.3
Description
A flaw exists in the client.get function within the image-to-base64 component, specifically in the file src/mcp-server.js. Manipulation of the url argument can result in server-side request forgery (SSRF). This issue is remotely exploitable. The details of the flaw have been publicly disclosed, and the vendor was notified but did not respond.
Recommendations
Update huimeicloud hm editor to a version later than 2.2.3.
Exploit
Fix
SSRF
Affected Products
Huimeicloud Hm Editor