CVE-2026-9813 · MEDIUM · SSRF · Unpatched · Zero-day · PoC public · Lifecycle 4/7

FlowIntel up to 3.2.x HEAD Request app/case/task.py server-side request forgery

FlowIntel · 2026-05-28 · Impact pending confirmation
6.0 CVSS
Vulnerability Description
A vulnerability classified as critical was found in FlowIntel up to 3.2.x. It affects some unknown functionality of the file app/case/task.py in the HEAD Request Handler component. Upgrading to version 3.3.0 eliminates this vulnerability, as does applying the patch 68b523b47854c54bf36fd706c0fd5353063b5409. The bugfix is available for download at github.com. The suggested mitigation is to upgrade to the latest version.
Root Cause Analysis
The issue is classified as CWE-918. The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Impact: This affects confidentiality, integrity, and availability.

Countermeasure: Upgrading to version 3.3.0 eliminates this vulnerability, as does applying the patch 68b523b47854c54bf36fd706c0fd5353063b5409. The bugfix is available for download at github.com. The suggested mitigation is to upgrade to the latest version.
Validation (PoC/EXP) - Looking for Contributors
No public PoC yet

Public validation traces already exist. Community contributors can extend them with richer reproduction content.

CVE-2026-9813 · CVSS 6.0 · Active Threat