CVE-2026-30242 - Vulnerability Analysis
High | CVSS: 8.5 | Last Updated: March 6, 2026
Plane - Server Side Request Forgery
Published: March 6, 2026 | Updated: March 6, 2026 | Remote Exploitable
Overview
Plane versions before 1.2.3 contain a server-side request forgery (SSRF) vulnerability caused by insufficient webhook URL validation. An attacker with the workspace ADMIN role can create webhooks that point to internal network addresses, resulting in SSRF with full response read-back.
Severity & Score
Severity: High
CVSS Score: 8.5
Impact
Attackers with workspace ADMIN role can perform SSRF to internal network addresses and read full responses, potentially exposing sensitive internal data.
Mitigation
Update to version 1.2.3 or later.
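For teams reviewing their own webhook features for the same class of flaw, the following added example (not Plane's code and not the 1.2.3 fix, which this page does not show) sketches the kind of destination check whose absence leads to this issue. All function names and the `SAMPLE_DNS` table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS answers so the example runs offline (not real records).
SAMPLE_DNS = {
    "hooks.example.com": ["8.8.8.8"],
    "metadata.example.com": ["169.254.169.254"],
    "mixed.example.com": ["8.8.8.8", "10.0.0.5"],
}

def sample_resolve(host, port):
    return SAMPLE_DNS.get(host, [])

def system_resolve(host, port):
    """Every address the name maps to, via the system resolver."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def is_internal(addr):
    """True for any address that is not publicly routable."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return ip.is_multicast or not ip.is_global

def check_webhook_url(url, resolve=system_resolve):
    """Return (ok, reason) for a candidate webhook target."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL"
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return False, "only http(s) URLs with a host are allowed"
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # literal IP, no lookup needed
    except ValueError:
        try:
            addrs = resolve(host, port)
        except OSError:
            addrs = []
    if not addrs:
        return False, "host does not resolve"
    # Reject if ANY record is internal: the HTTP client may connect to any.
    for addr in addrs:
        if is_internal(addr):
            return False, f"internal address {addr}"
    return True, "ok"
```

A check made only when the webhook is created can be bypassed by changing the DNS record afterwards, so the same check belongs at delivery time, with the request sent to the address that was validated. Redirects should not be followed, or each redirect target should be checked the same way.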
Details
- CVE ID: CVE-2026-30242
- Severity: High
- CVSS Score: 8.5
- Type: server_side_request_forgery
- Status: new
CWE
- CWE-918
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N