CVE Catalog

CVE-2026-57947

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Summary

An SSRF vulnerability in Pinpoint through version 3.1.0 allows authenticated users to register internal URLs in the webhook registration endpoint due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to send POST requests to internal hosts and metadata endpoints, enabling unauthorized access to internal network resources.

Risk Assessment

The risk involves potential unauthorized access to internal network resources, which could lead to data leakage, privilege escalation, or further attacks on internal infrastructure.

Recommendation

It is recommended to immediately upgrade Pinpoint to a version newer than 3.1.0 and implement URL validation mechanisms in webhook endpoints to block internal IP addresses and domains.

Original NVD description (English source)

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to internal hosts and metadata endpoints, enabling unauthorized access to internal network resources.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS