CVE-2026-45082

Name of the Vulnerable Software and Affected Versions Karakeep versions prior to 0.32.0

Description A Server-Side Request Forgery (SSRF) protection bypass exists in redirect-following processing components. While the application includes protections to block requests to internal or private network destinations, these can be bypassed using crafted HTTP redirect chains. An authenticated user can use attacker-controlled redirects to force the application to send requests to internal Docker network services. This issue impacts several processing paths, specifically crawler-related functionality and video download processing flows.

Recommendations Update to version 0.32.0.