CVE-2026-35037 | lin-snow Ech0 up to 4.2.7 Endpoint /api/website/title website_url server-side request forgery (GHSA-cqgf-f4x7-g6wc)

Inserito da Angelo Barbosa | Apr 6, 2026 | CVE

A vulnerability classified as critical was found in lin-snow Ech0 up to 4.2.7. The affected element is an unknown function of the file /api/website/title of the component Endpoint. The manipulation of the argument website_url results in server-side request forgery.

This vulnerability is cataloged as CVE-2026-35037. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is advised.

CVE-2026-35037 | lin-snow Ech0 up to 4.2.7 Endpoint /api/website/title website_url server-side request forgery (GHSA-cqgf-f4x7-g6wc)

Post correlati

CVE-2024-5171 | libaom up to 3.8.x img_alloc_helper heap-based overflow

CVE-2025-21673 | Linux Kernel up to 6.6.73/6.12.10 cifs_put_tcp_session double free

CVE-2026-39316 | OpenPrinting CUPS up to 2.4.16 on Linux scheduler/printers.c cupsdDeleteTemporaryPrinters use after free (GHSA-pjv5-prqp-46rg)

CVE-2024-20120 | MediaTek MT8798 out-of-bounds write (MSV-1575 / ALPS08956986)