CVE-2025-34282

Publication date

2025-10-17 18:33:41

Family

VulnCheck

State

PUBLISHED

Description

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboards Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may initiate unintended outbound requests. This can be used to access internal services or resources.
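An upload-time check for the condition described above, written as an added example (it is not ThingsBoard's code or its fix): it lists the references in an SVG that would make a renderer or XML parser fetch something outside the file. The function names, the allow-list policy (same-document fragments and inline raster images only) and the sample documents are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
CSS_REF = re.compile(r"""url\(\s*['"]?([^'")\s]+)|@import\s+['"]([^'"]+)""", re.I)
INLINE_RASTER = re.compile(r"data:image/(png|jpeg|gif);base64,", re.I)


def is_local(ref):
    """Only same-document fragments and inline raster images count as local."""
    ref = ref.strip()
    return ref.startswith("#") or INLINE_RASTER.match(ref) is not None


def external_refs(svg):
    """Return a list of reasons to reject the SVG bytes; empty means none found."""
    if b"\x00" in svg:
        return ["unexpected encoding (NUL bytes)"]  # keeps the byte checks below reliable
    if re.search(rb"<!(DOCTYPE|ENTITY)", svg, re.I):
        return ["DTD or entity declaration"]  # refuse before any XML parsing
    findings = []
    if re.search(rb"<\?xml-stylesheet", svg, re.I):
        findings.append("xml-stylesheet processing instruction")
    try:
        root = ET.fromstring(svg)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1]
            if name in ("href", "src", XLINK_HREF):
                refs = [value]
            else:  # presentation attributes and style="" can carry url(...)
                refs = [a or b for a, b in CSS_REF.findall(value)]
            findings += [f"<{tag}> {attr}: {r}" for r in refs if not is_local(r)]
        if tag == "style" and el.text:
            refs = [a or b for a, b in CSS_REF.findall(el.text)]
            findings += [f"<style>: {r}" for r in refs if not is_local(r)]
    return findings


# Constructed samples; the hostname is a placeholder.
REMOTE = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <image xlink:href="http://internal.example/status" width="1" height="1"/>
  <rect style="fill:url(http://internal.example/p.svg#g)" width="1" height="1"/>
</svg>"""
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><linearGradient id="g"/><rect fill="url(#g)"/></svg>'
```

A non-empty result is a reason to reject the upload or to store it without server-side rendering; the check complements, and does not replace, upgrading to 4.2.1 or later and restricting the server's outbound network access.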