CVE-2026-5205 | chatwoot up to 4.11.2 Webhook API lib/webhooks/trigger.rb Webhooks::Trigger url server-side request forgery

A vulnerability was found in chatwoot up to 4.11.2. It has been declared as critical. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2026-5205. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5205 | chatwoot up to 4.11.2 Webhook API lib/webhooks/trigger.rb Webhooks::Trigger url server-side request forgery

Post correlati

CVE-2024-13611 | wordplus Better Messages Plugin up to 2.6.9 on WordPress File Attachment bp-better-messages information disclosure

CVE-2025-21400 | Microsoft

CVE-2024-9780 | Wireshark up to 4.4.0 ITS Dissector missing initialization

CVE-2025-12006 | Supermicro MBD-X12STW-F 01.07.09 Image signature verification