← Zuruck zu CVEs
CVE-2026-27706
HIGH7.7
Beschreibung
Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. By exploiting this vulnerability, an attacker can steal sensitive data from internal services and cloud metadata endpoints. Version 1.2.2 fixes the issue.
CVE Details
CVSS v3.1 Bewertung7.7
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht2/25/2026
Zuletzt geandert2/27/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
plane:plane
Schwachen (CWE)
CWE-918
Referenzen
https://github.com/makeplane/plane/releases/tag/v1.2.2(security-advisories@github.com)
https://github.com/makeplane/plane/security/advisories/GHSA-jcc6-f9v6-f7jw(security-advisories@github.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.