PT-2026-40251 · Xibo Cms · Xibo Cms

Published: 2026-05-12 · Updated: 2026-05-12 · CVE-2026-42141

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Xibo versions prior to 4.4.1

Description

An authenticated Server-Side Request Forgery (SSRF) in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be used to scan internal infrastructure, access local cloud metadata endpoints such as AWS IMDS (Instance Metadata Service, which provides data about a running instance), interact with unauthenticated internal services, or exfiltrate data.

Recommendations

Update to version 4.4.1.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-42141

Affected Products

Xibo Cms