High severity7.5NVD Advisory· Published Apr 30, 2026· Updated May 6, 2026

CVE-2024-13971

Description

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

Affected products

Lobster World/Lobster Pro
cpe:2.3:a:lobster-world:lobster_pro:*:*:*:*:*:*:*:*
Range: <4.12.6-ga

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.schutzwerk.com/en/blog/schutzwerk-sa-2024-005/nvdExploitThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000