CVE-2026-6215 | DbGate up to 7.1.4 REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery

Inserito da Angelo Barbosa | Apr 13, 2026 | CVE

A vulnerability was found in DbGate up to 7.1.4. It has been rated as critical. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery.

This vulnerability appears as CVE-2026-6215. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6215 | DbGate up to 7.1.4 REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery

Post correlati

CVE-2024-22922 | Project Worlds Visitor Management Systemin 1.0 Login Page POST/index.php Privilege Escalation

CVE-2026-2117 | itsourcecode Society Management System 1.0 /admin/edit_activity.php activity_id sql injection

CVE-2025-14124 | Team Plugin up to 5.0.10 on WordPress Ajax Action sql injection

CVE-2024-13643 | MVPThemes Zox News Plugin up to 3.17.0 on WordPress backup_options authorization