PT-2026-39713 · Unknown · Open Edx Platform

Ik0Z

·

Published

2026-05-11

·

Updated

2026-05-11

·

CVE-2026-42858

CVSS v3.1

9.9

Critical

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Open edX Platform (affected versions not specified)
Description The 'sync provider data' endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL through the metadata url POST parameter. This URL is processed by the fetch metadata xml() function using requests.get() without URL validation, IP filtering, or scheme enforcement. This allows an attacker with Enterprise Admin privileges to force the server to make HTTP requests to internal network services, cloud metadata endpoints, or other destinations controlled by the attacker.
Recommendations Apply the fixes provided in commits 6fda1f120ff5a590d120ae1180185525f399c6d0 and 70a56246dd9c9df57c596e64bdd8a11b1d9da054.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-42858
GHSA-328G-7H4G-R2M9

Affected Products

Open Edx Platform