PT-2026-36886 · Xwiki · Plantuml Macro

Lukasz-Rybak

·

Published

2026-05-04

·

Updated

2026-05-05

·

CVE-2026-42140

CVSS v3.1

4.4

Medium

Vector

AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

PlantUML Macro versions prior to 2.4.1
Description

PlantUML Macro, which renders UML diagrams from textual PlantUML descriptions, contains a Server-Side Request Forgery (SSRF) flaw. The macro does not validate the URL supplied in its server parameter, which names the PlantUML server used for rendering, so a user who can edit wiki content can point it at an internal IP address or at an attacker-controlled external URL. The XWiki server then connects to that URL when it renders the diagram. The CVSS vector records that exploitation needs a low-privileged account (PR:L) and a user interaction (UI:R), and that the impact crosses from the wiki into other systems reachable from the XWiki host (S:C), which is what makes an SSRF from a server-side renderer worth fixing even at a medium score.
Recommendations

Update to version 2.4.1.
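The kind of check this class of bug needs, shown as an added example that is not code from the XWiki PlantUML Macro project or from this advisory: the vulnerable pattern concatenates the server parameter as-is, the hardened pattern parses it and matches the host against an allowlist. Only the parameter name server comes from the advisory; the allowlist ALLOWED_HOSTS, the /png/<encoded diagram> path form of a PlantUML server, the method names and the sample inputs are assumptions constructed for the illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/**
 * Allowlist validation of a user-supplied PlantUML server URL.
 * Added example; not the XWiki PlantUML Macro's own code. The parameter name
 * "server" comes from the advisory, everything else here is an assumption.
 */
public final class PlantUmlServerCheck {

    /** Hypothetical administrator-configured allowlist of rendering servers. */
    static final Set<String> ALLOWED_HOSTS = Set.of("plantuml.example.com");

    /** Vulnerable pattern: whatever the page author put in "server" is used as-is. */
    static String unsafeRenderUrl(String server, String encodedDiagram) {
        return server + "/png/" + encodedDiagram;
    }

    /** Hardened pattern: parse, enforce structure, match the host against the allowlist. */
    static String safeRenderUrl(String server, String encodedDiagram) {
        final URI uri;
        try {
            uri = new URI(server);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("server is not a valid URI", e);
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("server must use https");
        }
        // "https://plantuml.example.com@10.0.0.5/" parses with userinfo=plantuml.example.com
        // and host=10.0.0.5; a substring check on the raw string would be fooled, a parser is not.
        if (uri.getUserInfo() != null) {
            throw new IllegalArgumentException("credentials in server URL are not allowed");
        }
        String host = uri.getHost();
        if (host == null) {
            throw new IllegalArgumentException("server has no host");
        }
        // Exact, case-insensitive match: rejects IP literals, "plantuml.example.com.evil.net"
        // and internal hostnames alike, with no need to enumerate private address ranges.
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("server host is not in the allowlist: " + host);
        }
        // Rebuild the URL from validated parts instead of concatenating the raw string,
        // so any query, fragment or extra path in the parameter is dropped.
        try {
            return new URI("https", null, host, uri.getPort(),
                           "/png/" + encodedDiagram, null, null).toString();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("could not build render URL", e);
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one legitimate server and the shapes an SSRF payload takes.
        String[] candidates = {
            "https://plantuml.example.com",
            "https://plantuml.example.com:8443",
            "http://plantuml.example.com",
            "https://127.0.0.1:8080",
            "https://[::1]",
            "https://plantuml.example.com@169.254.169.254",
            "https://plantuml.example.com.evil.net",
            "https://intranet-wiki.corp",
        };
        String diagram = "constructed-encoded-diagram"; // placeholder, not a real encoding
        for (String c : candidates) {
            try {
                System.out.println("ALLOW  " + safeRenderUrl(c, diagram));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + c + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first two candidates pass. The allowlist is deliberate: a denylist of loopback and private ranges is the weaker fix, because it has to cover every IP encoding the HTTP client accepts and still loses to DNS rebinding unless the resolved address is re-checked at connect time, which this example does not attempt.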

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-42140
GHSA-42FC-7W97-8VRC

Affected Products

Plantuml Macro