Security Advisory

CVE-2026-32096

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-11 19:53:39

Last updated 2026-03-12 20:00:12

Assigner GitHub_M

State PUBLISHED

Description

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to any host accessible from the server. This vulnerability is fixed in 0.7.0.

← Browse all CVEs View on cve.org ↗