PT-2026-32531 · Unknown · Hummerrisk
Cccccccti
·
Published
2026-04-13
·
Updated
2026-04-14
·
CVE-2026-6220
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:L/Au:M/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
HummerRisk versions up to 1.5.0
Description
A server-side request forgery exists in the Video File Download URL Handler component. Manipulation of the
streamIp argument in the ServerService.addServer() function within the ServerService.java file allows a remote attacker to perform this action.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hummerrisk