VYPR
High severityNVD Advisory· Published Apr 22, 2026· Updated Apr 24, 2026

CVE-2026-41172

CVE-2026-41172

Description

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as an asset. Version 7.23.0 contains a fix.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Squidex/Squidexreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <7.23.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.