CVE-2026-26379

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N                                    

Vulnerability Description

Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times.

Vulnerability Details

Published Date

June 03, 2026

Last Modified

June 04, 2026

CWE ID

CWE-94

Source

NVD

Vendor

koha

Product

koha

External References

https://g03m0n.github.io/
https://g03m0n.github.io/posts/cve-2026-26379/
https://github.com/Koha-Community/Koha

CVE-2026-26379

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment