CVE-2026-25991 | Tandoor Recipes up to 2.5.0 Cookmate Integration cookmate.py server-side request forgery (GHSA-j6xg-85mh-qqf7)

Inserito da Angelo Barbosa | Feb 13, 2026 | CVE

A vulnerability identified as critical has been detected in Tandoor Recipes up to 2.5.0. The impacted element is an unknown function of the file cookbook/integration/cookmate.py of the component Cookmate Integration. The manipulation leads to server-side request forgery.

This vulnerability is referenced as CVE-2026-25991. Remote exploitation of the attack is possible. No exploit is available.

You should upgrade the affected component.

CVE-2026-25991 | Tandoor Recipes up to 2.5.0 Cookmate Integration cookmate.py server-side request forgery (GHSA-j6xg-85mh-qqf7)

Post correlati

CVE-2024-21358 | Microsoft Windows up to Server 2022 23H2 WDAC OLE DB Provider for SQL Server Remote Code Execution

CVE-2025-50399 | FAST FAC1200R F400_FAC1200R_Q sub_80435780 Password buffer overflow

CVE-2024-1351 | MongoDB Server up to 4.4.28/5.0.24/6.0.13/7.0.5 tls.CAFile certificate validation (SERVER-72839)

VDB-267981 | Amazon Q for Business Prompt injection