PT-2026-42861 · Git+2 · Aiograpi

Published

2026-05-23

·

Updated

2026-06-11

·

CVE-2026-47157

CVSS v3.1

6.5

Medium

VectorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions aiograpi versions prior to 0.9.10
Description The software accepts server-supplied signup challenge paths and uses them to construct request URLs without first validating that the paths are relative Instagram API paths. If an attacker influences a challenge response—via a local network, DNS, or proxy compromise—challenge handling requests may be sent to an external host while including the client's existing session headers.
Recommendations Update to version 0.9.10.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-47157
GHSA-JH37-X3FV-4X72

Affected Products

Aiograpi