CVE-2026-10771 | crmeb crmeb_java 1.4 base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity url server-side request forgery (Issue 35)

A vulnerability was found in crmeb crmeb_java 1.4. It has been declared as critical. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request forgery.

This vulnerability is identified as CVE-2026-10771. The attack can be executed remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-10771 | crmeb crmeb_java 1.4 base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity url server-side request forgery (Issue 35)

Post correlati

CVE-2025-13966 | Paypal Payment Shortcode Plugin up to 1.01 on WordPress paypal-shortcode buttom_image cross site scripting

CVE-2026-7686 | eyeo Adblock Plus up to 4.36.2 on Chrome Legacy Premium Activation premium.preload.js postMessage access control

CVE-2025-39919 | Linux Kernel up to 6.16.5 wifi privilege escalation

CVE-2025-23187 | SAP NetWeaver and ABAP Platform 740/2008_1_700/2008_1_710 SDCCN authorization