PT-2026-39713 · Unknown · Open Edx Platform
Ik0Z
·
Published
2026-05-11
·
Updated
2026-05-11
·
CVE-2026-42858
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Open edX Platform (affected versions not specified)
Description
The 'sync provider data' endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL through the
metadata url POST parameter. This URL is processed by the fetch metadata xml() function using requests.get() without URL validation, IP filtering, or scheme enforcement. This allows an attacker with Enterprise Admin privileges to force the server to make HTTP requests to internal network services, cloud metadata endpoints, or other destinations controlled by the attacker.Recommendations
Apply the fixes provided in commits 6fda1f120ff5a590d120ae1180185525f399c6d0 and 70a56246dd9c9df57c596e64bdd8a11b1d9da054.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open Edx Platform