CVE-2026-36758 | Halo 2.22.14 GET install-from-uri server-side request forgery

Inserito da Angelo Barbosa | Apr 30, 2026 | CVE

A vulnerability was found in Halo 2.22.14 and classified as critical. Affected by this issue is some unknown functionality of the file /themes/-/install-from-uri of the component GET Handler. Such manipulation leads to server-side request forgery.

This vulnerability is referenced as CVE-2026-36758. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-36758 | Halo 2.22.14 GET install-from-uri server-side request forgery

Post correlati

CVE-2023-47709 | IBM Security Guardium 11.3/11.4/11.5/12.0 Request os command injection (XFDB-271524)

CVE-2024-34403 | uriparser up to 0.9.7 UriQuery.c ComposeQueryMallocExMm integer overflow (Issue 183)

CVE-2025-35028 | 0x4m4 HexStrike AI 33267047667b9accfbf0fdac1c1c7ff12f3a5512 API Endpoint EnhancedCommandExecutor os command injection (GCVE-1337-2025)

CVE-2023-48259 | Rexroth Nexo Cordless Nutrunner up to V1500-SP2 HTTP Request sql injection