CVE-2026-36756 | halo 2.22.14 GET install-from-uri server-side request forgery

Inserito da Angelo Barbosa | Apr 30, 2026 | CVE

A vulnerability has been found in halo 2.22.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /plugins/-/install-from-uri of the component GET Handler. This manipulation causes server-side request forgery.

The identification of this vulnerability is CVE-2026-36756. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2026-36756 | halo 2.22.14 GET install-from-uri server-side request forgery

Post correlati

CVE-2024-4375 | Master Slider Plugin up to 3.9.10 on WordPress Shortcode ms_layer cross site scripting

CVE-2024-45271 | MB Connect Line mbNET.mini up to 2.2.13 input validation (VDE-2024-056)

CVE-2022-49590 | Linux Kernel up to 5.18.14 sysctl_igmp_llm_reports information disclosure

CVE-2024-47872 | Gradio up to 4.x cross site scripting (GHSA-gvv6-33j7-884g)