PT-2026-40719 · Nautobot

Published: 2026-05-13 · Updated: 2026-05-28

CVE-2026-44797
CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Nautobot versions prior to 2.4.33
Nautobot versions prior to 3.1.2
Description

A user with enough access to create or edit Webhook records can point a webhook at any host or IP address, including ones the server should never contact (loopback, internal networks, cloud metadata endpoints). When the webhook fires, the Nautobot server makes the request on the user's behalf. This is a server-side request forgery (SSRF) pattern: the server is coerced into issuing requests it was never meant to make, and the response or side effects may reach hosts the user cannot reach directly.
Recommendations

Update to version 2.4.33 (2.4.x line) or 3.1.2 (3.x line).

Review which users hold add or change permissions on the Webhook data model, and audit existing Webhook records to confirm each target URL is expected and valid.

Configure WEBHOOK_ALLOWED_SCHEMES to restrict Webhook records to HTTP or HTTPS.

Use WEBHOOK_ADDITIONAL_BLOCKED_NETWORKS to list IP networks that Webhook sending must never reach.

Use WEBHOOK_ALLOWED_HOSTS to provide an allow-list of specific hosts that should bypass the blocked-network configuration.
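The following is an added example, not Nautobot's own code, showing the kind of check the Description and Recommendations call for: a webhook target validator that enforces an allowed-scheme set, a default plus additional blocked-network list, and an allowed-host bypass. The three setting names are taken from the advisory, but the semantics given to them here, the default blocked ranges, the sample hosts and the stub DNS answers are all assumptions of this example. The validator returns every address a name resolves to so the caller can connect to those addresses instead of re-resolving, which closes the window in which a name could change its answer between the check and the request.

```python
"""Webhook target validation in the spirit of the advisory's mitigations.

Added example; not Nautobot's own code. The three setting names come from
the advisory, but the semantics given to them here (and the default blocked
ranges, sample hosts and stub DNS data) are assumptions of this example.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Policy in the shape of the advisory's three settings (values constructed).
WEBHOOK_ALLOWED_SCHEMES = {"http", "https"}
WEBHOOK_ADDITIONAL_BLOCKED_NETWORKS = ["203.0.113.0/24"]
WEBHOOK_ALLOWED_HOSTS = {"hooks.internal.example"}

# Ranges a webhook should not reach by default: "this" network, loopback,
# link-local (cloud metadata lives at 169.254.169.254), RFC 1918, CGNAT, ULA.
DEFAULT_BLOCKED_NETWORKS = [
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "10.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "::/128", "::1/128", "fe80::/10", "fc00::/7",
]

# Constructed DNS answers so the example runs offline; rebind.example.com
# models a name that answers with a public address and a loopback address.
STUB_DNS = {
    "hooks.example.com": ["198.51.100.10"],
    "metrics.example.com": ["203.0.113.5"],
    "rebind.example.com": ["198.51.100.11", "127.0.0.1"],
    "hooks.internal.example": ["10.20.30.40"],
}


class WebhookTargetError(ValueError):
    """Raised when a webhook URL points somewhere the policy forbids."""


def stub_resolve(host):
    """Offline resolver backed by the constructed STUB_DNS table."""
    return [ipaddress.ip_address(a) for a in STUB_DNS.get(host, [])]


def system_resolve(host):
    """Resolve with the OS resolver, keeping every A/AAAA answer, not just the first."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]


def _unmap(addr):
    """::ffff:a.b.c.d must be judged as the IPv4 address it maps to."""
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def validate_webhook_url(url, *, allowed_schemes=WEBHOOK_ALLOWED_SCHEMES,
                         additional_blocked=WEBHOOK_ADDITIONAL_BLOCKED_NETWORKS,
                         allowed_hosts=WEBHOOK_ALLOWED_HOSTS,
                         resolve=system_resolve):
    """Return the addresses a webhook may be delivered to, or raise WebhookTargetError."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in allowed_schemes:
        raise WebhookTargetError(f"scheme {scheme!r} not in WEBHOOK_ALLOWED_SCHEMES")
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        raise WebhookTargetError("URL has no host")

    try:
        addrs = [ipaddress.ip_address(host)]      # IP literal, no DNS needed
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        raise WebhookTargetError(f"cannot resolve {host!r}")

    # Allow-listed hosts bypass the block lists, as the advisory describes.
    if host in allowed_hosts:
        return addrs

    blocked = [ipaddress.ip_network(n)
               for n in DEFAULT_BLOCKED_NETWORKS + list(additional_blocked)]
    for addr in addrs:
        candidate = _unmap(addr)
        # Membership across IP versions is simply False, so one mixed list is safe.
        if any(candidate in net for net in blocked):
            raise WebhookTargetError(f"{host!r} resolves to blocked address {candidate}")
    return addrs


def webhook_url_is_safe(url, **kwargs):
    """Boolean wrapper around validate_webhook_url for simple checks."""
    try:
        validate_webhook_url(url, **kwargs)
    except WebhookTargetError:
        return False
    return True


if __name__ == "__main__":
    for target in ("https://hooks.example.com/notify", "http://127.0.0.1:8000/",
                   "http://[::ffff:169.254.169.254]/latest/meta-data/",
                   "http://rebind.example.com/", "https://hooks.internal.example/hook"):
        print(f"{target:52} -> {webhook_url_is_safe(target, resolve=stub_resolve)}")
```

Two points worth noting when adapting this. A name that returns several answers is rejected if any one of them is blocked, which is what defeats the mixed-answer DNS trick modelled by rebind.example.com. And the allow-list is keyed on the hostname as written in the URL, so an allow-listed entry still resolves to whatever its DNS says; keep that list short and reviewed.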

Fix

Weakness Enumeration

SSRF

Related Identifiers

CVE-2026-44797
GHSA-C35Q-VXRP-PH26

Affected Products

Nautobot