CVE-2026-3286 | itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Image Save Endpoint ImageRestController.java save img server-side request forgery

A vulnerability, which was classified as critical, was found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the argument img leads to server-side request forgery.

This vulnerability is traded as CVE-2026-3286. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3286 | itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Image Save Endpoint ImageRestController.java save img server-side request forgery

Post correlati

CVE-2024-25914 | Photoboxone SMTP Mail Plugin up to 1.3.20 on WordPress cross-site request forgery

CVE-2024-10121 | wfh45678 Radar up to 1.0.8 Interface authorization

CVE-2021-20553 | IBM Sterling B2B Integrator up to 5.2.6.5/6.0.0.6/6.0.3.4/6.1.0.2 Web UI cross site scripting

CVE-2022-43915 | IBM App Connect Enterprise Certified Container up to 12.1 permission assignment (XFDB-241037)