CVE-2026-5936 - Vulnerability Analysis
HighCVSS: 8.5Last Updated: April 13, 2026
Generic Server - Server Side Request Forgery
Published: April 13, 2026Updated: April 13, 2026Remote Exploitable
Overview
A server contains a server side request forgery caused by processing attacker-supplied URLs, letting attackers make arbitrary requests to internal or external services, exploit requires crafted URL input.
Severity & Score
Severity: High
CVSS Score: 8.5
Impact
Attackers can make arbitrary requests to internal services, potentially exposing sensitive information and enabling further internal network compromise.
Mitigation
Update to the latest version or apply patches that validate and restrict server-side request destinations.
Related Resources
Details
- CVE ID
- CVE-2026-5936
- Severity
- High
- CVSS Score
- 8.5
- Type
- server_side_request_forgery
- Status
- new
CWE
- CWE-918
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N