CVE-2026-2711 | zhutoutoutousan worldquant-miner up to 1.0.9 URL ssrf_proxy.py make_request server-side request forgery (Issue 100)

A vulnerability was found in zhutoutoutousan worldquant-miner up to 1.0.9. It has been rated as critical. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrf_proxy.py of the component URL Handler. The manipulation of the argument make_request leads to server-side request forgery.

This vulnerability is documented as CVE-2026-2711. The attack can be initiated remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2711 | zhutoutoutousan worldquant-miner up to 1.0.9 URL ssrf_proxy.py make_request server-side request forgery (Issue 100)

Post correlati

CVE-2025-5329 | Martcode Delta Course Automation up to 04022026 sql injection

CVE-2024-7526 | Mozilla Firefox up to 128 ANGLE uninitialized pointer

CVE-2025-7585 | PHPGurukul Online Fire Reporting System 1.2 /admin/manage-site.php webtitle sql injection

CVE-2024-36444 | Swissphone DiCal-RED 2.cgi Log cgi-bin/fdmcgiwebv2.cgi information disclosure (SYSS-2024-040)