CVE Catalog
CVE-2026-56026
MediumCVSS 6.4Summary
A Server Side Request Forgery (SSRF) vulnerability exists in the utm.codes plugin versions up to 1.9.0. It allows a Subscriber to send HTTP requests from the server to internal or external resources.
Risk Assessment
An attacker with Subscriber role can exploit this vulnerability to scan internal networks, access services not publicly available, or perform attacks on other systems from the server.
Recommendation
Immediately update the utm.codes plugin to a version newer than 1.9.0. If an update is not available, restrict Subscriber permissions or temporarily disable the plugin.
Original NVD description (English source)
Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.

