Security Advisory

CVE-2026-27472

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2026-02-19 18:38:02
Last updated: 2026-03-05 01:31:16
Assigner: VulnCheck
State: PUBLISHED

Description

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitrary internal or external destinations. This vulnerability is not mitigated by the SPIP security screen.
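
The missing check described above, a test that a syndication URL really points at a remote host, is sketched below as an added example in Python. It is not SPIP's code or its 4.4.9 patch. The names validate_remote_url, sample_resolver and SAMPLE_DNS are hypothetical, and the DNS answers are constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS answers so the example runs offline (not real lookups).
SAMPLE_DNS = {
    "feeds.example.org": ["93.184.216.34"],
    "intranet.example.org": ["10.0.0.5"],
    "mixed.example.org": ["93.184.216.34", "127.0.0.1"],
}


def sample_resolver(host):
    """Offline stand-in for DNS; raises OSError like a failed lookup."""
    if host not in SAMPLE_DNS:
        raise OSError("no such host: " + host)
    return SAMPLE_DNS[host]


def system_resolver(host):
    """Real lookup: every address the OS returns for the host."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def validate_remote_url(url, resolver=system_resolver):
    """Return the public IPs a feed URL resolves to, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    try:
        candidates = [str(ipaddress.ip_address(host))]  # host is an IP literal
    except ValueError:
        try:
            candidates = list(resolver(host))
        except OSError as exc:
            raise ValueError("host does not resolve") from exc
    if not candidates:
        raise ValueError("host does not resolve")
    for text in candidates:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d as a.b.c.d
        # Reject loopback, RFC 1918, link-local, etc.; one bad answer fails all.
        if not ip.is_global:
            raise ValueError("non-public address: " + str(ip))
    return candidates
```

The fetch that follows should connect to one of the returned addresses rather than resolving the name again, and every redirect target needs the same validation. Otherwise a changed DNS answer or a redirect can still steer the request to an internal destination.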