Vulnerability-Lookup

CVE-2026-41272 (GCVE-0-2026-41272)

Vulnerability from cvelistv5 – Published: 2026-04-23 19:16 – Updated: 2026-04-23 20:18

Title

Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)

Summary

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

GitHub_M

References

URL

Tags

https://github.com/FlowiseAI/Flowise/security/adv…

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

FlowiseAI

Flowise

Affected: < 3.1.0

FlowiseAI

flowise-components

Affected: < 3.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41272",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-23T20:18:28.171566Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-23T20:18:56.831Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Flowise",
          "vendor": "FlowiseAI",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.1.0"
            }
          ]
        },
        {
          "product": "flowise-components",
          "vendor": "FlowiseAI",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-23T19:16:08.113Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4"
        }
      ],
      "source": {
        "advisory": "GHSA-2x8m-83vc-6wv4",
        "discovery": "UNKNOWN"
      },
      "title": "Flowise: SSRF Protection Bypass (TOCTOU \u0026 Default Insecure)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-41272",
    "datePublished": "2026-04-23T19:16:08.113Z",
    "dateReserved": "2026-04-18T14:01:46.801Z",
    "dateUpdated": "2026-04-23T20:18:56.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-41272\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-23T20:16:15.810\",\"lastModified\":\"2026-04-23T21:16:06.210\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41272\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-23T20:18:28.171566Z\"}}}], \"references\": [{\"url\": \"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-23T20:18:46.344Z\"}}], \"cna\": {\"title\": \"Flowise: SSRF Protection Bypass (TOCTOU \u0026 Default Insecure)\", \"source\": {\"advisory\": \"GHSA-2x8m-83vc-6wv4\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"FlowiseAI\", \"product\": \"Flowise\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.1.0\"}]}, {\"vendor\": \"FlowiseAI\", \"product\": \"flowise-components\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.1.0\"}]}], \"references\": [{\"url\": \"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4\", \"name\": \"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-23T19:16:08.113Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-41272\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-23T20:18:56.831Z\", \"dateReserved\": \"2026-04-18T14:01:46.801Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-23T19:16:08.113Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-41272

Vulnerability from fkie_nvd - Published: 2026-04-23 20:16 - Updated: 2026-04-23 21:16

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0."
    }
  ],
  "id": "CVE-2026-41272",
  "lastModified": "2026-04-23T21:16:06.210",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-23T20:16:15.810",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-2X8M-83VC-6WV4

Vulnerability from github – Published: 2026-04-16 21:51 – Updated: 2026-04-18 00:15

Summary

Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)

Details

Summary

The core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list.

Details

The flaws exist in packages/components/src/httpSecurity.ts.

Default Insecure: If process.env.HTTP_DENY_LIST is undefined, checkDenyList returns immediately, allowing all requests (including localhost).

DNS Rebinding (TOCTOU): The function performs a DNS lookup (dns.lookup) to validate the IP, and then the HTTP client performs a new lookup to connect. An attacker can serve a valid IP first, then switch to an internal IP (e.g., 127.0.0.1) for the second lookup.

PoC

Ensure HTTP_DENY_LIST is unset (default behavior).

Use any node utilizing secureFetch to access http://127.0.0.1.

Result: Request succeeds.

Scenario 2: DNS Rebinding

Attacker controls domain attacker.com and a custom DNS server.

Configure DNS to return 1.1.1.1 (Safe IP) with TTL=0 for the first query.

Configure DNS to return 127.0.0.1 (Blocked IP) for subsequent queries.

Flowise validates attacker.com -> 1.1.1.1 (Allowed).

Flowise fetches attacker.com -> 127.0.0.1 (Bypass).

Run the following for manual verification

// PoC for httpSecurity.ts Bypasses
import * as dns from 'dns/promises';

// Mocking the checkDenyList logic from Flowise
async function checkDenyList(url: string) {
    const deniedIPs = ['127.0.0.1', '0.0.0.0']; // Simplified deny list logic

    if (!process.env.HTTP_DENY_LIST) {
        console.log(\"⚠️  HTTP_DENY_LIST not set. Returning allowed.\");
        return; // Vulnerability 1: Default Insecure
    }

    const { hostname } = new URL(url);
    const { address } = await dns.lookup(hostname);

    if (deniedIPs.includes(address)) {
        throw new Error(`IP ${address} is denied`);
    }
    console.log(`✅ IP ${address} allowed check.`);
}

async function runPoC() {
    console.log(\"--- Test 1: Default Configuration (Unset HTTP_DENY_LIST) ---\");
    // Ensure env var is unset
    delete process.env.HTTP_DENY_LIST;
    try {
        await checkDenyList('http://127.0.0.1');
        console.log(\"[PASS] Default config allowed localhost access.\");
    } catch (e) {
        console.log(\"[FAIL] Blocked:\", e.message);
    }

    console.log(\"\
--- Test 2: 'private' Keyword Bypass (Logic Flaw) ---\");
    process.env.HTTP_DENY_LIST = 'private'; // User expects this to block localhost
    try {
        await checkDenyList('http://127.0.0.1');
        // In real Flowise code, 'private' is not expanded to IPs, so it only blocks the string \"private\"
        console.log(\"[PASS] 'private' keyword failed to block localhost (Mock simulation).\");
    } catch (e) {
        console.log(\"[FAIL] Blocked:\", e.message);
    }
}

runPoC();

Impact

Confidentiality: High (Access to internal services if protection is bypassed).

Integrity: Low/Medium (If internal services allow state changes via GET).

Availability: Low.

Severity ?

7.1 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.13"
      },
      "package": {
        "ecosystem": "npm",
        "name": "flowise"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.13"
      },
      "package": {
        "ecosystem": "npm",
        "name": "flowise-components"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-918",
      "CWE-367"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T21:51:00Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nThe core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list.\n\n\n### Details\nThe flaws exist in `packages/components/src/httpSecurity.ts`.\n\nDefault Insecure: If process.env.HTTP_DENY_LIST is undefined, checkDenyList returns immediately, allowing all requests (including localhost).\n\nDNS Rebinding (TOCTOU): The function performs a DNS lookup (dns.lookup) to validate the IP, and then the HTTP client performs a new lookup to connect. An attacker can serve a valid IP first, then switch to an internal IP (e.g., `127.0.0.1`) for the second lookup.\n\n\n### PoC\nEnsure `HTTP_DENY_LIST` is unset (default behavior).\n\nUse any node utilizing secureFetch to access `http://127.0.0.1`.\n\nResult: Request succeeds.\n\n#### Scenario 2: DNS Rebinding\n\nAttacker controls domain attacker.com and a custom DNS server.\n\nConfigure DNS to return `1.1.1.1` (Safe IP) with TTL=0 for the first query.\n\nConfigure DNS to return `127.0.0.1` (Blocked IP) for subsequent queries.\n\nFlowise validates `attacker.com` -\u003e `1.1.1.1` (Allowed).\n\nFlowise fetches `attacker.com` -\u003e `127.0.0.1` (Bypass).\n\nRun the following for manual verification \n\n```ts\n// PoC for httpSecurity.ts Bypasses\nimport * as dns from \u0027dns/promises\u0027;\n\n// Mocking the checkDenyList logic from Flowise\nasync function checkDenyList(url: string) {\n    const deniedIPs = [\u0027127.0.0.1\u0027, \u00270.0.0.0\u0027]; // Simplified deny list logic\n\n    if (!process.env.HTTP_DENY_LIST) {\n        console.log(\\\"\u26a0\ufe0f  HTTP_DENY_LIST not set. Returning allowed.\\\");\n        return; // Vulnerability 1: Default Insecure\n    }\n\n    const { hostname } = new URL(url);\n    const { address } = await dns.lookup(hostname);\n\n    if (deniedIPs.includes(address)) {\n        throw new Error(`IP ${address} is denied`);\n    }\n    console.log(`\u2705 IP ${address} allowed check.`);\n}\n\nasync function runPoC() {\n    console.log(\\\"--- Test 1: Default Configuration (Unset HTTP_DENY_LIST) ---\\\");\n    // Ensure env var is unset\n    delete process.env.HTTP_DENY_LIST;\n    try {\n        await checkDenyList(\u0027http://127.0.0.1\u0027);\n        console.log(\\\"[PASS] Default config allowed localhost access.\\\");\n    } catch (e) {\n        console.log(\\\"[FAIL] Blocked:\\\", e.message);\n    }\n\n    console.log(\\\"\\\n--- Test 2: \u0027private\u0027 Keyword Bypass (Logic Flaw) ---\\\");\n    process.env.HTTP_DENY_LIST = \u0027private\u0027; // User expects this to block localhost\n    try {\n        await checkDenyList(\u0027http://127.0.0.1\u0027);\n        // In real Flowise code, \u0027private\u0027 is not expanded to IPs, so it only blocks the string \\\"private\\\"\n        console.log(\\\"[PASS] \u0027private\u0027 keyword failed to block localhost (Mock simulation).\\\");\n    } catch (e) {\n        console.log(\\\"[FAIL] Blocked:\\\", e.message);\n    }\n}\n\nrunPoC();\n```\n\n\n### Impact\nConfidentiality: High (Access to internal services if protection is bypassed).\n\nIntegrity: Low/Medium (If internal services allow state changes via GET).\n\nAvailability: Low.",
  "id": "GHSA-2x8m-83vc-6wv4",
  "modified": "2026-04-18T00:15:09Z",
  "published": "2026-04-16T21:51:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FlowiseAI/Flowise"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Flowise: SSRF Protection Bypass (TOCTOU \u0026 Default Insecure)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-41272 (GCVE-0-2026-41272)

FKIE_CVE-2026-41272

GHSA-2X8M-83VC-6WV4

Summary

Details

PoC

Scenario 2: DNS Rebinding

Impact

Tags

Sightings

Nomenclature