CVE-2026-11437

Summary

A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
perfreego-fastdfs-web1.3.0affected
perfreego-fastdfs-web1.3.1affected
perfreego-fastdfs-web1.3.2affected
perfreego-fastdfs-web1.3.3affected
perfreego-fastdfs-web1.3.4affected
perfreego-fastdfs-web1.3.5affected
perfreego-fastdfs-web1.3.6affected
perfreego-fastdfs-web1.3.7affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References