PT-2026-40450 · Mosparo · Mosparo

Published: 2026-05-12 · Updated: 2026-05-12 · CVE-2026-41195

CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: mosparo versions prior to 1.4.13

Description: The automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server subsequently fetches. Since the server follows http/https redirects and does not restrict private or loopback destinations, this creates a stored Server-Side Request Forgery (SSRF), a flaw where the server is tricked into making requests to an unintended location, which can be used as an internal HTTP probing oracle to discover internal network services.

Recommendations: Update to version 1.4.13.
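
The two gaps named in the description (redirects followed without re-checking, and no restriction on private or loopback destinations) can be closed by vetting every hop before connecting. The sketch below is an added example, not mosparo's code or its 1.4.13 fix; `resolve` and `send` are hypothetical hooks standing in for a DNS lookup and an HTTP client with automatic redirects disabled, and the DNS and response tables are constructed sample data.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 5
REDIRECT_CODES = (301, 302, 303, 307, 308)

def is_public_ip(addr):
    """True only for globally routable addresses (no loopback, RFC 1918, link-local)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:   # ::ffff:127.0.0.1 style
        ip = ip.ipv4_mapped
    return ip.is_global

def vet_url(url, resolve):
    """Return the addresses the client may connect to, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"scheme or host not allowed: {url}")
    try:                                     # literal IP in the URL
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:                       # hostname: resolve it
        addrs = resolve(parts.hostname)
    if not addrs or not all(is_public_ip(a) for a in addrs):
        raise ValueError(f"destination not public: {url}")
    return addrs

def fetch_guarded(url, resolve, send):
    """Follow redirects by hand so that every hop is vetted before connecting."""
    for _ in range(MAX_REDIRECTS + 1):
        addrs = vet_url(url, resolve)
        # Connect to the vetted address, not to the result of a second DNS lookup.
        status, location, body = send(url, addrs[0])
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)
            continue
        return status, body
    raise ValueError("too many redirects")

# Constructed sample data (not from the advisory): fake DNS and fake responses.
DNS = {"rules.example.org": ["93.184.216.34"], "redir.example.net": ["93.184.216.35"],
       "intranet.example.internal": ["10.0.0.5"]}
ROUTES = {"https://rules.example.org/pkg.json": (200, None, "rules"),
          "https://redir.example.net/r": (302, "http://127.0.0.1:8080/", None)}

def fake_resolve(host):
    return DNS.get(host, [])

def fake_send(url, ip):
    return ROUTES[url]
```

Rejecting with one generic error for every blocked destination, and not returning timing or response details to the editor, also limits the value of the fetch as a probing oracle.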

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2026-41195

Affected Products: Mosparo