Sign in Subscribe

← All advisories

High severity7.7NVD Advisory· Published Mar 30, 2026· Updated Apr 2, 2026

CVE-2026-29925

CVE-2026-29925

Description

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.

Affected products

2

Invoiceninja/Invoiceninja2 versions
cpe:2.3:a:invoiceninja:invoice_ninja:5.12.46:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:invoiceninja:invoice_ninja:5.12.46:*:*:*:*:*:*:*
- cpe:2.3:a:invoiceninja:invoice_ninja:5.12.48:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

gist.github.com/TrekLaps/5b2c72106d950dab0cd1897eb93200f1nvdExploitThird Party Advisory
github.com/invoiceninja/invoiceninja/blob/v5-stable/app/Http/Requests/Setup/CheckDatabaseRequest.phpnvdProduct

News mentions

0

No linked articles in our index yet.