Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client

• Twentyhq/Twentyv5

  Range: < 1.18

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

• github.com/twentyhq/twenty/releases/tag/v1.18.0mitrex_refsource_MISC
• github.com/twentyhq/twenty/security/advisories/GHSA-wm7q-rvq3-x8q9mitrex_refsource_CONFIRM

• &#x5b;Guest Diary&#x5d; New Malware Libraries means New Signatures, (Fri, May 15th)
  SANS Internet Storm Center · May 15, 2026
• 73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
  BleepingComputer · May 13, 2026
• European countries are exporting surveillance tech to countries with poor human rights records, report says
  The Record · May 12, 2026
• The State of Ransomware – Q1 2026
  Check Point Research · May 11, 2026
• How Dark Reading Lifted Off the Launchpad in 2006
  Dark Reading · May 4, 2026
• Yet another experiment proves it's too damn simple to poison large language models
  The Register Security · Apr 29, 2026
• 20-Year-Old Malware Rewrites History of Cyber Sabotage
  Dark Reading · Apr 27, 2026
• Medieval Encrypted Letter Decoded
  Schneier on Security · Apr 27, 2026
• PhantomRPC: A new privilege escalation technique in Windows RPC
  Securelist · Apr 24, 2026
• FakeWallet crypto stealer spreading through iOS apps in the App Store
  Securelist · Apr 20, 2026
• Virtual machines, virtually everywhere – and with real security gaps
  ESET WeLiveSecurity · Mar 25, 2026
• Operation Alice Takes Down 370,000+ Dark Web Sites
  Infosecurity Magazine · Mar 23, 2026