Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-27567

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-24 Feb, 2026 | 14:22
Updated At-27 Feb, 2026 | 19:03
Rejected At-
Credits

Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. The Payload environment must have at least one collection with `upload` enabled and a user who has `create` access to that upload-enabled collection in order to be vulnerable. An authenticated user with upload collection write permissions could potentially access internal services. Response content from internal services could be retrieved through the application. This vulnerability has been patched in v3.75.0. As a workaround, one may mitigate this vulnerability by disabling external file uploads via the `disableExternalFile` upload collection option, or by restricting `create` access on upload-enabled collections to trusted users only.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:24 Feb, 2026 | 14:22
Updated At:27 Feb, 2026 | 19:03
Rejected At:
▼CVE Numbering Authority (CNA)
Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. The Payload environment must have at least one collection with `upload` enabled and a user who has `create` access to that upload-enabled collection in order to be vulnerable. An authenticated user with upload collection write permissions could potentially access internal services. Response content from internal services could be retrieved through the application. This vulnerability has been patched in v3.75.0. As a workaround, one may mitigate this vulnerability by disabling external file uploads via the `disableExternalFile` upload collection option, or by restricting `create` access on upload-enabled collections to trusted users only.

Affected Products
Vendor
payloadcms
Product
payload
Versions
Affected
  • < 3.75.0
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918: Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918: Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/payloadcms/payload/security/advisories/GHSA-hhfx-5x8j-f5f6
x_refsource_CONFIRM
https://github.com/payloadcms/payload/commit/1041bb6
x_refsource_MISC
https://github.com/payloadcms/payload/releases/tag/v3.75.0
x_refsource_MISC
Hyperlink: https://github.com/payloadcms/payload/security/advisories/GHSA-hhfx-5x8j-f5f6
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/payloadcms/payload/commit/1041bb6
Resource:
x_refsource_MISC
Hyperlink: https://github.com/payloadcms/payload/releases/tag/v3.75.0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:24 Feb, 2026 | 15:21
Updated At:26 Feb, 2026 | 19:59

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. The Payload environment must have at least one collection with `upload` enabled and a user who has `create` access to that upload-enabled collection in order to be vulnerable. An authenticated user with upload collection write permissions could potentially access internal services. Response content from internal services could be retrieved through the application. This vulnerability has been patched in v3.75.0. As a workaround, one may mitigate this vulnerability by disabling external file uploads via the `disableExternalFile` upload collection option, or by restricting `create` access on upload-enabled collections to trusted users only.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary3.14.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CPE Matches
payloadcms
payloadcms
>>payload>>Versions before 3.75.0(exclusive)
cpe:2.3:a:payloadcms:payload:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-918Primarysecurity-advisories@github.com
CWE ID: CWE-918
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/payloadcms/payload/commit/1041bb6security-advisories@github.com
Patch
https://github.com/payloadcms/payload/releases/tag/v3.75.0security-advisories@github.com
Product
Release Notes
https://github.com/payloadcms/payload/security/advisories/GHSA-hhfx-5x8j-f5f6security-advisories@github.com
Mitigation
Vendor Advisory
Hyperlink: https://github.com/payloadcms/payload/commit/1041bb6
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/payloadcms/payload/releases/tag/v3.75.0
Source: security-advisories@github.com
Resource:
Product
Release Notes
Hyperlink: https://github.com/payloadcms/payload/security/advisories/GHSA-hhfx-5x8j-f5f6
Source: security-advisories@github.com
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

15Records found
CVE-2024-46947
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.66%
||
7 Day CHG-0.01%
Published-08 Nov, 2024 | 00:00
Updated-08 Nov, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.

Action-Not Available
Vendor-n/anorthern.tech
Product-n/amender
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-27163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-93.05% / 99.78%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

Action-Not Available
Vendor-rbasketsn/a
Product-request_basketsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-8678
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 07:24
Updated-25 Aug, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery

The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-johnbillion
Product-WP Crontrol
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-35451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 9.93%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 00:00
Updated-03 Jul, 2025 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF.

Action-Not Available
Vendor-linkstackn/alinkstack
Product-linkstackn/alinkstack
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-63010
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 8.81%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 14:52
Updated-20 Jan, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hercules Core plugin <= 7.4 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery.This issue affects Hercules Core : from n/a through <= 7.4.

Action-Not Available
Vendor-ThemesInflow
Product-Hercules Core
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-4260
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 72.33%
||
7 Day CHG~0.00%
Published-23 Jul, 2024 | 06:00
Updated-16 May, 2025 | 12:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CoBlocks < 3.1.12 - Contributor+ SSRF

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.

Action-Not Available
Vendor-godaddyUnknownpage_builder_gutenberg_blocks
Product-coblocksPage Builder Gutenberg Blocks page_builder_gutenberg_blocks
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-42494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-3||LOW
EPSS-0.73% / 72.54%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 18:33
Updated-20 Feb, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All in One SEO Pro plugin <= 4.2.5.1 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.

Action-Not Available
Vendor-Semper Plugins, LLC (AIOSEO)
Product-all_in_one_seoAll in One SEO Pro (WordPress plugin)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-57055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.85%
||
7 Day CHG+0.01%
Published-17 Sep, 2025 | 00:00
Updated-23 Sep, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL using curl_exec() without sufficient validation, allowing the attacker to force internal or external HTTP requests.

Action-Not Available
Vendor-wondercmsn/a
Product-wondercmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-5350
Matching Score-4
Assigner-WSO2 LLC
ShareView Details
Matching Score-4
Assigner-WSO2 LLC
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.22%
||
7 Day CHG+0.02%
Published-24 Oct, 2025 | 10:08
Updated-21 Nov, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products

SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery (SSRF). Additionally, the retrieved content was directly reflected in the HTTP response, enabling reflected cross-site scripting (XSS) in the admin user's browser context. By tricking an administrator into accessing a crafted link, an attacker could force the server to fetch malicious content and reflect it into the admin’s browser, leading to arbitrary JavaScript execution for UI manipulation or data exfiltration. While session cookies are protected with the HttpOnly flag, the XSS still poses a significant security risk. Furthermore, SSRF can be used by a privileged user to query internal services, potentially aiding in internal network enumeration if the target endpoints are reachable from the affected product.

Action-Not Available
Vendor-WSO2 LLC
Product-identity_serveropen_banking_amuniversal_gatewayenterprise_integratorapi_manageridentity_server_as_key_manageropen_banking_iamtraffic_managerapi_control_planeWSO2 Open Banking AMorg.wso2.carbon:org.wso2.carbon.uiWSO2 Traffic ManagerWSO2 Open Banking IAMWSO2 Identity ServerWSO2 API Control PlaneWSO2 Identity Server as Key ManagerWSO2 Universal GatewayWSO2 API ManagerWSO2 Enterprise Integrator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-20531
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 51.04%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 16:31
Updated-20 Nov, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine XML External Entity Injection Vulnerability

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13923
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.6||HIGH
EPSS-0.13% / 32.93%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 11:11
Updated-26 Mar, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-webtoffeewebtoffee
Product-order_export_\&_order_import_for_woocommerceOrder Export & Order Import for WooCommerce
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13907
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.9||MEDIUM
EPSS-0.15% / 35.38%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 06:48
Updated-11 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.8 - Authenticated (Administrator+) Server-Side Request Forgery

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-BoldGrid (InMotion Hosting, Inc.)
Product-total_upkeepTotal Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-13450
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-3.8||LOW
EPSS-0.34% / 56.34%
||
7 Day CHG~0.00%
Published-25 Jan, 2025 | 08:23
Updated-04 Feb, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The vulnerability can also be exploited in Multisite environments.

Action-Not Available
Vendor-bitappsbitpressadmin
Product-contact_form_builderContact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-47664
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.4||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG+0.12%
Published-07 May, 2025 | 14:20
Updated-26 Nov, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Pipes <= 1.4.2 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-wp_pipesWP Pipes
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-51242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.03%
||
7 Day CHG~0.00%
Published-30 Oct, 2024 | 00:00
Updated-17 May, 2025 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF.

Action-Not Available
Vendor-eladminn/aeladmin
Product-eladminn/aeladmin
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
Details not found