CVE Catalog

CVE-2026-56026

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Summary

A Server Side Request Forgery (SSRF) vulnerability exists in the utm.codes plugin versions up to 1.9.0. It allows a Subscriber to send HTTP requests from the server to internal or external resources.

Risk Assessment

An attacker with Subscriber role can exploit this vulnerability to scan internal networks, access services not publicly available, or perform attacks on other systems from the server.

Recommendation

Immediately update the utm.codes plugin to a version newer than 1.9.0. If an update is not available, restrict Subscriber permissions or temporarily disable the plugin.

Original NVD description (English source)

Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS