CVE-2026-3681 | welovemedia FFmate up to 2.0.15 webhook.go fireWebhook server-side request forgery

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability, which was classified as critical, was found in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery.

This vulnerability is tracked as CVE-2026-3681. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3681 | welovemedia FFmate up to 2.0.15 webhook.go fireWebhook server-side request forgery

Post correlati

CVE-2024-11948 | GFI Archiver Telerik Web UI Remote Code Execution (ZDI-24-1671)

CVE-2026-22245 | mastodon up to 4.2.28/4.3.16/4.4.10/4.5.3 Outbound Request server-side request forgery

CVE-2025-44017 | Gunosy up to 7.33.x JSON Web Token insertion of sensitive information into sent data

CVE-2024-29502 | Secure Lockdown Multi Application Edition 2.00.219 UNC Path information disclosure