CVE-2026-10068 | Shibby Tomato 1.28 SUBSCRIBE Call usr/sbin/miniupnpd send server-side request forgery

A vulnerability has been found in Shibby Tomato 1.28 and classified as critical. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability appears as CVE-2026-10068. The attack may be initiated remotely. There is no available exploit.

This project is superseded by FreshTomato.

CVE-2026-10068 | Shibby Tomato 1.28 SUBSCRIBE Call usr/sbin/miniupnpd send server-side request forgery

Post correlati

CVE-2024-2267 | keerti1924 Online-Book-Store-Website 1.0 /shop.php product_price logic error

CVE-2023-50842 | Matthew Fries MF Gig Calendar Plugin up to 1.2.1 on WordPress sql injection

CVE-2025-1378 | radare2 5.9.9 33286 rasm2 /libr/main/rasm2.c memory corruption (Issue 23953)

CVE-2023-6000 | Popup Builder Plugin up to 4.2.2 on WordPress cross site scripting