CVE-2026-32096
CRITICAL 9.3
Description
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to any host accessible from the server. This vulnerability is fixed in 0.7.0.
CVE Details
CVSS v3.1 score: 9.3
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 3/11/2026
Last modified: 3/16/2026
Source: nvd
Honeypot sightings: 0
Affected products
useplunk:plunk
Weaknesses (CWE)
CWE-918
References
https://github.com/useplunk/plunk/commit/b8f1ad9ab53c78f8ef063fdc125f397c8bfc7652 (security-advisories@github.com)
https://github.com/useplunk/plunk/security/advisories/GHSA-xpqg-p8mp-7g44 (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.