PT-2026-34570 · Squidex · Squidex

Published: 2026-04-22 · Updated: 2026-04-23 · CVE-2026-41172

CVSS v4.0: 8.6 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Squidex versions prior to 7.23.0

Description: A Server-Side Request Forgery (SSRF) vulnerability, in which a server is tricked into making requests to an unintended location, allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost or private network targets, and persist the response as an asset.

Recommendations: Update to version 7.23.0.


SSRF


Weakness Enumeration

Related Identifiers

CVE-2026-41172

Affected Products

Squidex