CVE-2026-36759

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.

halo-dev/halo
halo-dev/halo
Halo 是一款强大易用的开源建站工具,从个人博客、知识库,到企业官网、在线商城,Halo 都能助您轻松实现,一站式满足您的多样化建站需求。
GitHubGitHub
39K
Arron-bit/Vul_report
Arron-bit/Vul_report
GitHubGitHub