CVE-2026-36764

Name of the Vulnerable Software and Affected Versions SpringBlade version 4.8.0

Description A Server-Side Request Forgery (SSRF) exists in the '/ureport/datasource/testConnection' endpoint. This allows authenticated attackers to scan internal resources by sending a crafted GET request. SSRF is a flaw where an attacker can force a server-side application to make requests to an unintended location.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/ureport/datasource/testConnection' endpoint to minimize the risk of exploitation.