CVE-2026-39362 | InvenTree 1.2.6 remote_image server-side request forgery (GHSA-m9j7-jw3m-fr22)

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability, which was classified as critical, was found in InvenTree 1.2.6. Affected is an unknown function. Such manipulation of the argument remote_image leads to server-side request forgery.

This vulnerability is documented as CVE-2026-39362. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-39362 | InvenTree 1.2.6 remote_image server-side request forgery (GHSA-m9j7-jw3m-fr22)

Post correlati

CVE-2026-3683 | bufanyun HotGo up to 2.0 Endpoint upload.go ImageTransferStorage server-side request forgery

CVE-2025-6226 | Mattermost up to 9.11.16/10.5.6/10.7.3/10.8.1 Private Channel missing authentication

CVE-2024-7663 | SourceCodester Car Driving School Management System 1.0 manage_user.php id sql injection

CVE-2024-11580 | Luxion KeyShot ABC File Parser heap-based overflow (ZDI-24-1611)