CVE-2026-36759

Name of the Vulnerable Software and Affected Versions halo version 2.22.14

Description A Server-Side Request Forgery (SSRF) exists in the '/themes/{name}/upgrade-from-uri' endpoint. This allows authenticated attackers to scan internal resources by sending a crafted GET request. SSRF is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.