PT-2026-52543 · Unknown · Huly Platform

George Chen · Published 2026-06-25 · Updated 2026-06-25 · CVE-2026-56769

CVSS v3.1: 8.5 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Huly Platform versions prior to 0.7.423

Description

An authenticated server-side request forgery (SSRF) occurs in the /import endpoint of the front pod. This allows workspace users to initiate arbitrary server requests by providing malicious URLs. This can be used to access internal services, exfiltrate responses, and replay credentials against backend systems. SSRF is a flaw where a server is tricked into making requests to an unintended location.

Recommendations

Update Huly Platform to version 0.7.423 or later. As a temporary mitigation, restrict access to the /import endpoint.
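
For services that fetch a user-supplied URL server-side, as the /import endpoint does, the following is an added example of a destination check to run before any request is made; it is not Huly Platform code and not the fix shipped in 0.7.423. The names `checkImportTarget`, `isBlockedAddress` and `ipv4ToInt`, the deny list, and the convention that the caller resolves DNS itself and passes the results in are all assumptions of this sketch.

```javascript
// Added example (not Huly Platform code): destination policy for a
// server-side URL fetch. Deny list is constructed: unspecified, RFC 1918,
// CGNAT, loopback and link-local (cloud metadata) IPv4 ranges.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

// Strict dotted-quad IPv4 -> unsigned integer, or null for anything else.
function ipv4ToInt(ip) {
  const parts = ip.split('.');
  const valid = parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  return valid ? parts.reduce((acc, p) => acc * 256 + Number(p), 0) : null;
}

// True when an address literal must never be fetched. Fails closed:
// anything that is not a recognised public IP literal is blocked.
function isBlockedAddress(addr) {
  const a = String(addr).toLowerCase();
  const n = ipv4ToInt(a);
  if (n !== null) {
    return BLOCKED_V4.some(([base, bits]) => {
      const size = 2 ** (32 - bits);
      return Math.floor(n / size) === Math.floor(ipv4ToInt(base) / size);
    });
  }
  if (!a.includes(':')) return true; // not an IP literal at all
  // IPv6: unspecified, loopback, IPv4-mapped (blocked outright as a
  // conservative choice), unique-local fc00::/7, link-local fe80::/10.
  return a === '::' || a === '::1' || a.startsWith('::ffff:') ||
    /^(f[cd]|fe[89ab])/.test(a);
}

// url: the user-supplied import URL. resolved: addresses the caller's own
// DNS lookup returned for the host (ignored when the host is an IP literal).
// On success the caller connects to `pin`, not to a fresh lookup.
function checkImportTarget(url, resolved) {
  let u;
  try { u = new URL(url); } catch { return { ok: false, reason: 'unparseable' }; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  if (u.username || u.password) return { ok: false, reason: 'userinfo' };
  const host = u.hostname.replace(/^\[|\]$/g, '');
  const literal = ipv4ToInt(host) !== null || host.includes(':');
  const addrs = literal ? [host] : (resolved || []);
  if (addrs.length === 0) return { ok: false, reason: 'unresolved' };
  const bad = addrs.find(isBlockedAddress);
  return bad ? { ok: false, reason: 'blocked:' + bad } : { ok: true, pin: addrs[0] };
}
```

The check has to be repeated for every redirect hop, since a permitted host can redirect to a blocked one. Connecting to the returned `pin` address rather than resolving the name a second time keeps the validated address and the fetched address the same.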

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-56769

Affected Products

Huly Platform