CVE-2026-33486 | roadiz core-bundle-dev-app up to 2.3.41/2.5.43/2.6.27/2.7.8 Environment Variable server-side request forgery

Inserito da Angelo Barbosa | Mar 26, 2026 | CVE

A vulnerability was found in roadiz core-bundle-dev-app up to 2.3.41/2.5.43/2.6.27/2.7.8 and classified as critical. The affected element is an unknown function of the component Environment Variable Handler. The manipulation results in server-side request forgery.

This vulnerability is known as CVE-2026-33486. It is possible to launch the attack remotely. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-33486 | roadiz core-bundle-dev-app up to 2.3.41/2.5.43/2.6.27/2.7.8 Environment Variable server-side request forgery

Post correlati

CVE-2025-39920 | Linux Kernel up to 6.16.5 add_interval null pointer dereference

CVE-2026-3964 | OpenAkita up to 1.24.3 Chat API Endpoint shell.py run Message os command injection

CVE-2024-56737 | GNU Grub2 up to 2.12 HFS Filesystem fs/hfs.c heap-based overflow

CVE-2024-0292 | Totolink LR1200GB 9.1.0u.6619_B20230130 /cgi-bin/cstecgi.cgi setOpModeCfg hostName os command injection