CVE-2026-41177

Name of the Vulnerable Software and Affected Versions Squidex versions prior to 7.23.0

Description The Restore API is susceptible to Blind Server-Side Request Forgery (SSRF), a flaw where a server is tricked into making requests to an unintended location. The application does not validate the URI scheme of the Url parameter, enabling the use of the file:// protocol. This allows an authenticated administrator to force the backend server to interact with the local filesystem, potentially leading to Local File Interaction (LFI) and the disclosure of sensitive system information via side-channel analysis of internal logs.

Recommendations Update to version 7.23.0.