CVE-2026-32301 | centrifugal centrifugo up to 6.6.x JWKS Endpoint iss/aud server-side request forgery

Inserito da Angelo Barbosa | Mar 13, 2026 | CVE

A vulnerability classified as critical has been found in centrifugal centrifugo up to 6.6.x. Affected is an unknown function of the component JWKS Endpoint. Performing a manipulation of the argument iss/aud results in server-side request forgery.

This vulnerability is identified as CVE-2026-32301. The attack can be initiated remotely. There is not any exploit available.

It is recommended to upgrade the affected component.

CVE-2026-32301 | centrifugal centrifugo up to 6.6.x JWKS Endpoint iss/aud server-side request forgery

Post correlati

CVE-2024-43986 | MagePeople Team Taxi Booking Manager for WooCommerce Plugin up to 1.0.9 on WordPress cross site scripting

CVE-2025-13758 | Devolutions Server up to 2025.2.20/2025.3.8 information disclosure (DEVO-2025-0018)

CVE-2024-8352 | Social Web Suite Plugin up to 4.1.11 on WordPress path traversal

CVE-2026-32131 | Zitadel up to 3.4.7/4.12.1 Organization project.app.read project_id/grant_id/app_id authorization (GHSA-wr6r-59xg-4pj2)