CVE-2026-12813 | activepieces up to 0.83.0 File URL file.ts handleUrlFile server-side request forgery

A vulnerability labeled as critical has been found in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery.

This vulnerability is identified as CVE-2026-12813. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-12813 | activepieces up to 0.83.0 File URL file.ts handleUrlFile server-side request forgery

Post correlati

CVE-2026-20046 | Cisco IOS XR up to 25.2.1 CLI access control (cisco-sa-iosxr-privesc-bF8D5U4W)

CVE-2025-67893 | pkp pkp-lib up to 3.4.0-9/3.5.0-1 compileLess addLessVariables code injection

CVE-2026-3612 | Wavlink WL-NU516U1 V240425 OTA Online Upgrade /cgi-bin/adm.cgi sub_405AF4 firmware_url command injection

CVE-2025-1870 | Mayuri K 101news 1.0 aboutus.php pagedescription sql injection