← Voltar para CVEs
CVE-2026-33126
MEDIUM5.0
Descricao
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery (SSRF) attacks. An attacker can use the Frigate server to make HTTP requests to internal network resources, cloud metadata services, or perform port scanning. This issue has been patched in version 0.16.3.
Detalhes CVE
Pontuacao CVSS v3.15.0
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado3/20/2026
Ultima modificacao3/23/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
frigate:frigate
Fraquezas (CWE)
CWE-918
Referencias
https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3(security-advisories@github.com)
https://github.com/blakeblackshear/frigate/security/advisories/GHSA-j6g3-3j3q-c2xv(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.