CVE-2026-6981

Name of the Vulnerable Software and Affected Versions IhateCreatingUserNames2 AiraHub2 versions prior to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e

Description A server-side request forgery (SSRF) exists in the Endpoint component. This issue occurs within the connect stream endpoint/sync agents() function of the AiraHub.py file. A remote attacker can initiate a manipulation that allows the server to make unauthorized requests to internal or external resources.

Recommendations Update to a version later than 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. As a temporary workaround, restrict access to the connect stream endpoint/sync agents() function to minimize the risk of exploitation.