Topic

#ssrf

2 articles exploring SSRF. Expert insights and analysis from our editorial team.

Articles

Security

Next.js CVE-2026-44578: WebSocket Upgrade SSRF Hits 79,000 Self-Hosted Instances From 13.4.13 Onward

Next.js 15.5.16 and 16.2.5 patch an unauthenticated WebSocket upgrade SSRF. A single absolute-form URL request proxies internal traffic, exposing 79,000 self-hosted instances.

Security

LMDeploy CVE-2026-33626: Vision-LLM SSRF Exploited Within 12 Hours of GHSA Publication

CVE-2026-33626 in LMDeploy's vision endpoint was exploited 12.5 hours after GHSA disclosure, with attackers targeting AWS IMDS and Redis via the image-fetch SSRF path.