CVE-2026-9813

216.73.216.123

· Published 28/05/2026 10:16 · Modified 29/05/2026 14:46

Labels: CVE-2026-9813 2026-05-28 5a6e4751-2f3f-4070-9419-94fb35b644e8 CVE-2026-9813 CWE-918

Essential information

Published: 28/05/2026 10:16
Modified: 29/05/2026 14:46
Author: —
Creator: —
CVSS: 6.2 MEDIUM (v3) 6.2 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specified destination. Due to insufficient validation of the URL scheme and resolved destination address, affected versions may allow requests to loopback, link-local, private, reserved, or other restricted network resources, potentially enabling interaction with internal services or cloud metadata endpoints from the server's network context.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 5a6e4751-2f3f-4070-9419-94fb35b644e8
NVD: View on NVD

Affected products (CPE)

Product	CPE
flowintel / flowintel	`cpe:2.3:a:flowintel:flowintel:<3.3.0:::::::*`