CVE-2026-1884

EUVD-2026-5333
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
4.7 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
zentaozentao
𝑥
≤ 21.7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/ez-lbz/ez-lbz.github.io/issues/9
https://github.com/ez-lbz/ez-lbz.github.io/issues/9#issue-3832844574
https://vuldb.com/?ctiid.344264
https://vuldb.com/?id.344264
https://vuldb.com/?submit.742633
https://github.com/ez-lbz/ez-lbz.github.io/issues/9
https://github.com/ez-lbz/ez-lbz.github.io/issues/9#issue-3832844574