CVE-2026-26379
EUVD-2026-3417003.06.2026, 19:16
Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| koha | koha | 𝑥 ≤ 25.11.00 |
𝑥
= Vulnerable software versions