CVE-2026-1884 | ZenTao up to 21.7.6-85642 Webhook module/webhook/model.php fetchHook server-side request forgery

Inserito da Angelo Barbosa | Feb 4, 2026 | CVE

A vulnerability has been found in ZenTao up to 21.7.6-85642 and classified as critical. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery.

This vulnerability appears as CVE-2026-1884. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1884 | ZenTao up to 21.7.6-85642 Webhook module/webhook/model.php fetchHook server-side request forgery

Post correlati

CVE-2025-57146 | PHPGurukul Complaint Management System 2.0 user/reset-password.php mobileno sql injection

CVE-2025-14622 | code-projects Student File Management System 1.0 /admin/save_user.php firstname sql injection

CVE-2024-24139 | SourceCodester Login System with Email Verification 1.0 user sql injection

CVE-2026-0723 | GitLab Community Edition/Enterprise Edition up to 18.6.3/18.7.1/18.8.1 return value