CVE-2026-42194

Published May 7th, 2026

View on NVD ↗

CVSS v3

6.8

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes the original hostname-based URL to curl_init(), leaving a DNS rebinding TOCTOU window that allows redirecting requests to internal IPs. This issue has been patched in version 5.0.9.

Admidio/admidio

Admidio is a free open source user management system for websites of organizations and groups. The system has a flexible role model so that it’s possible to reflect the structure and permissions of your organization.

GitHub

459