{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41171", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-17T16:34:45.525Z", "datePublished": "2026-04-22T21:16:14.013Z", "dateUpdated": "2026-04-23T12:54:01.682Z"}, "containers": {"cna": {"title": "SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on \"Jint\" HttpClient", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/Squidex/squidex/security/advisories/GHSA-4m22-gvqm-jv97", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Squidex/squidex/security/advisories/GHSA-4m22-gvqm-jv97"}, {"name": "https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4", "tags": ["x_refsource_MISC"], "url": "https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4"}], "affected": [{"vendor": "Squidex", "product": "squidex", "versions": [{"version": "< 7.23.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-22T21:22:36.474Z"}, "descriptions": [{"lang": "en", "value": "Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protection on the `Jint` HTTP client used by scripting engine functions (`getJSON`, `request`, etc.). An authenticated user with low privileges (e.g., schema editing permissions) can force the server to make arbitrary outbound HTTP requests to attacker-controlled or internal endpoints. This allows access to internal services and cloud metadata endpoints (e.g., IMDS), potentially leading to credential exposure and lateral movement. Version 7.23.0 contains a fix."}], "source": {"advisory": "GHSA-4m22-gvqm-jv97", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/Squidex/squidex/security/advisories/GHSA-4m22-gvqm-jv97", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T12:53:56.134579Z", "id": "CVE-2026-41171", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T12:54:01.682Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on \"Jint\" HttpClient", "source": {"advisory": "GHSA-4m22-gvqm-jv97", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Squidex", "product": "squidex", "versions": [{"status": "affected", "version": "< 7.23.0"}]}], "references": [{"url": "https://github.com/Squidex/squidex/security/advisories/GHSA-4m22-gvqm-jv97", "name": "https://github.com/Squidex/squidex/security/advisories/GHSA-4m22-gvqm-jv97", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4", "name": "https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protection on the `Jint` HTTP client used by scripting engine functions (`getJSON`, `request`, etc.). An authenticated user with low privileges (e.g., schema editing permissions) can force the server to make arbitrary outbound HTTP requests to attacker-controlled or internal endpoints. This allows access to internal services and cloud metadata endpoints (e.g., IMDS), potentially leading to credential exposure and lateral movement. Version 7.23.0 contains a fix."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-22T21:22:36.474Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41171", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-23T12:53:56.134579Z"}}}], "references": [{"url": "https://github.com/Squidex/squidex/security/advisories/GHSA-4m22-gvqm-jv97", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-23T12:53:47.816Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-41171", "state": "PUBLISHED", "dateUpdated": "2026-04-22T21:22:36.474Z", "dateReserved": "2026-04-17T16:34:45.525Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-22T21:16:14.013Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protection on the `Jint` HTTP client used by scripting engine functions (`getJSON`, `request`, etc.). An authenticated user with low privileges (e.g., schema editing permissions) can force the server to make arbitrary outbound HTTP requests to attacker-controlled or internal endpoints. This allows access to internal services and cloud metadata endpoints (e.g., IMDS), potentially leading to credential exposure and lateral movement. Version 7.23.0 contains a fix."}], "id": "CVE-2026-41171", "lastModified": "2026-04-24T14:45:24.803", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-22T22:16:31.543", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4"}, {"source": "security-advisories@github.com", "url": "https://github.com/Squidex/squidex/security/advisories/GHSA-4m22-gvqm-jv97"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/Squidex/squidex/security/advisories/GHSA-4m22-gvqm-jv97"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.23.0)"}}], "enrichment": {"confidence": 91.0, "confidence_source": "matching", "scores": [{"score": 91.0, "source": "matching"}]}, "original": {"product": "squidex", "source": "cna", "vendor": "Squidex"}, "product": "squidex", "vendor": "squidex.io"}], "analysis": {"en": {"generated_at": "2026-04-27T08:22:16.421269+00:00", "value": {"mitigation_remediation": ["Upgrade Squidex to version 7.23.0 or later to apply the SSRF fix. ", "If an immediate upgrade is not feasible, remove or reduce the editing permissions of users who can execute scripts or disable the Jint scripting engine functions entirely. ", "Implement outbound firewall or proxy restrictions to limit the Squidex server\u2019s ability to reach internal network addresses or cloud metadata endpoints."], "summary": {"action": "Patch", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Squidex content management platform, specifically all releases earlier than 7.23.0. Users running those earlier versions are at risk if they continue to provide authenticated access with editing permissions.", "description_and_impact": "Squidex versions before 7.23.0 allow an authenticated user with low privileges, such as schema editors, to direct the server\u2019s Jint HTTP client to make arbitrary outbound HTTP requests. The missing SSRF protection enables the attacker to reach internal or cloud metadata services, potentially exposing credentials and providing a foothold for lateral movement. This flaw is identified as CWE\u2011918 (Server\u2011Side Request Forgery).", "risk_and_exploitability": "The CVSS score of 7.3 indicates a high severity risk. EPSS data is not available, and the issue is not listed in CISA\u2019s KEV catalogue, suggesting no publicly known exploits yet. However, the attack requires only a low\u2011privileged authenticated session and can be used to reach internal endpoints, so the real\u2011world risk remains significant, especially in environments with exposed internal services or cloud metadata access. The attack vector is likely external, mediated by legitimate API calls from a compromised or malicious user account."}}}}, "created": "2026-04-27T18:42:00.077504+00:00", "updated": "2026-04-27T20:15:12.109763+00:00", "vendors": ["squidex.io", "squidex.io$PRODUCT$squidex"]}