CVE-2026-8725 | CoreWorxLab CAAL up to 1.6.0 test-hass Endpoint src/caal/webhooks.py server-side request forgery

Inserito da Angelo Barbosa | Mag 16, 2026 | CVE

A vulnerability was found in CoreWorxLab CAAL up to 1.6.0. It has been rated as critical. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery.

This vulnerability is registered as CVE-2026-8725. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8725 | CoreWorxLab CAAL up to 1.6.0 test-hass Endpoint src/caal/webhooks.py server-side request forgery

Post correlati

CVE-2023-34990 | Fortinet FortiWLM up to 8.5.4/8.6.5 Web Request path traversal (FG-IR-23-144)

CVE-2025-60359 | Radare2 up to 5.9.8 r_bin_object_new memory leak

CVE-2024-48455 | Netis Wifi Router MW5360 skk_get.cgi mode_name/wl_link information disclosure

CVE-2026-27023 | twentyhq twenty up to 1.17 SecureHttpClientService server-side request forgery