Medium severity5.3NVD Advisory· Published Jun 1, 2026· Updated Jun 1, 2026
CVE-2026-49328
CVE-2026-49328
Description
Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to version 2.0.2-incubating, which fixes this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <2.0.2-incubating
Patches
Vulnerability mechanics
References
5- github.com/apache/fesod/pull/917nvdIssue TrackingPatch
- lists.apache.org/thread/c1pb5b66h02p9tlrnfbwcgcz85v16fkjnvdMailing ListVendor Advisory
- fesod.apache.org/docs/downloadnvdProduct
- github.com/apache/fesod/releases/tag/2.0.2-incubatingnvdRelease Notes
- www.openwall.com/lists/oss-security/2026/06/01/4nvd
News mentions
0No linked articles in our index yet.