CVE-2026-3163 - Vulnerability Analysis
MediumCVSS: 6.3Last Updated: February 25, 2026
SourceCodester Website Link Extractor - Server Side Request Forgery
Published: February 25, 2026Updated: February 25, 2026PoC AvailableRemote Exploitable
Overview
SourceCodester Website Link Extractor 1.0 contains a server-side request forgery caused by manipulation of the URL Handler component, letting remote attackers initiate requests to internal or external systems.
Severity & Score
Severity: Medium
CVSS Score: 6.3
Impact
Remote attackers can make the server perform arbitrary requests, potentially accessing internal resources or causing denial of service.
Mitigation
Update to the latest version or apply patches that validate and sanitize URL inputs.
References
Related Resources
Details
- CVE ID
- CVE-2026-3163
- Severity
- Medium
- CVSS Score
- 6.3
- Type
- server_side_request_forgery
- Status
- confirmed
CWE
- CWE-918
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L