CVE-2026-3961 | zyddnys manga-image-translator up to beta-0.3 Translate Endpoints request_extraction.py to_pil_image server-side request forgery (1118/1119/1120/1121/1122/1123/1124)

A vulnerability marked as critical has been reported in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery.

The identification of this vulnerability is CVE-2026-3961. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-3961 | zyddnys manga-image-translator up to beta-0.3 Translate Endpoints request_extraction.py to_pil_image server-side request forgery (1118/1119/1120/1121/1122/1123/1124)

Post correlati

CVE-2024-25399 | Intelliants Subrion CMS 4.2.1 adminer.php cross site scripting

CVE-2025-47087 | Adobe Experience Manager up to 6.5.22 cross site scripting (apsb25-48)

CVE-2025-26206 | StoreFront 1.0 index.html cross-site request forgery

CVE-2024-9301 | Netflix E2Nest prior #16 path traversal (nflx-2024-004)