CVE Catalog

CVE-2026-39087

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile - higher than 33% of all known CVEs

Summary

SSRF vulnerability in ntfy before version 2.22.0 due to an unanchored regular expression for web push endpoint URLs. This allows an attacker to send requests to internal network resources.

Risk Assessment

The risk involves potential scanning of internal networks, access to sensitive data, or attacks on other internal services.

Recommendation

Immediately update ntfy to version 2.22.0 or later, which includes a fix for this issue.

Original NVD description (English source)

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS