CVE-2026-33126 - Vulnerability Analysis
Medium | CVSS: 5.0 | Last Updated: March 23, 2026
Frigate - Server-Side Request Forgery
Published: March 20, 2026 | Updated: March 23, 2026 | PoC Available | Remote Exploitable
Overview
Frigate < 0.16.3 contains a server-side request forgery vulnerability caused by improper validation of user-controlled URLs in the /ffprobe endpoint, which lets attackers make HTTP requests to internal resources. Exploitation requires a crafted request.
Severity & Score
Severity: Medium
CVSS Score: 5.0
Impact
Attackers can make HTTP requests to internal network resources and cloud metadata services, or perform port scanning, potentially exposing sensitive information or enabling further attacks.
Mitigation
Update to version 0.16.3 or later.
Details
- CVE ID: CVE-2026-33126
- Severity: Medium
- CVSS Score: 5.0
- Type: server_side_request_forgery
- Status: confirmed
CWE
- CWE-918
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N