CVE-2026-45412 | 1Panel-dev MaxKB up to 2.9.0 URL Validation work_flow_template.downloadUrl server-side request forgery (GHSA-x9g5-j56j-4mfj)

Inserito da Angelo Barbosa | Mag 26, 2026 | CVE

A vulnerability, which was classified as critical, has been found in 1Panel-dev MaxKB up to 2.9.0. Impacted is the function work_flow_template.downloadUrl of the component URL Validation Handler. This manipulation causes server-side request forgery.

This vulnerability is handled as CVE-2026-45412. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-45412 | 1Panel-dev MaxKB up to 2.9.0 URL Validation work_flow_template.downloadUrl server-side request forgery (GHSA-x9g5-j56j-4mfj)

Post correlati

CVE-2025-6422 | Campcodes Online Recruitment Management System 1.0 About Content Page ajax.php?action=save_settings img unrestricted upload

CVE-2024-56259 | AyeCode Plugin up to 2.3.84 on WordPress cross site scripting

CVE-2024-57066 | ndhoule defaults 2.0.1 lib.deep prototype pollution

CVE-2024-55947 | Gogs up to 0.13.0 path traversal (ID 7582)