CVE-2026-2556
Received Received - Intake
Server-Side Request Forgery in cskefu MediaController Endpoint

Publication date: 2026-02-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-16
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2026-02-16
EPSS Evaluated
2026-05-05
NVD
CVE-2026-2556
EUVD
EUVD-2026-6089
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cskefu cskefu to 8.0.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': 'CVE-2026-2556 is a Server-Side Request Forgery (SSRF) vulnerability found in the cskefu software versions up to 8.0.1. It exists in the MediaController.java file of the Endpoint component, specifically in a method that processes a user-controlled URL parameter.'}, {'type': 'paragraph', 'content': 'The vulnerability arises because the application performs insufficient validation on the URL parameter, only checking that it starts with "http://" or "https://" and contains a path. This weak validation does not prevent URLs pointing to internal network addresses or the local loopback interface.'}, {'type': 'paragraph', 'content': 'As a result, an attacker can manipulate the URL parameter to make the vulnerable server send unauthorized HTTP requests to arbitrary destinations, including internal network services or cloud metadata endpoints. This can be exploited remotely without authentication.'}] [1, 2, 3]


How can this vulnerability impact me? :

This SSRF vulnerability can impact you in several ways:

  • Confidentiality loss by allowing attackers to read responses from internal services that are normally inaccessible.
  • Integrity compromise by enabling attackers to interact with internal services, potentially altering data or configurations.
  • Availability issues such as Denial of Service (DoS) by forcing the server to download large files or connect to slow or malicious services, exhausting server resources.
  • Internal network reconnaissance through port scanning and accessing internal service metadata, which can facilitate further attacks.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring and analyzing requests to the vulnerable endpoint `/res/url` in the cskefu server, which accepts a user-controlled `url` parameter. Suspicious requests that include URLs pointing to internal IP addresses (such as 127.0.0.1 or 192.168.x.x) or unusual external URLs may indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts, you can use network monitoring tools or web server logs to identify requests to `/res/url` with potentially malicious URL parameters.'}, {'type': 'paragraph', 'content': 'Example commands to detect such activity include:'}, {'type': 'list_item', 'content': 'Using grep on web server logs to find requests to the vulnerable endpoint:\n`grep "/res/url?url=" /var/log/nginx/access.log`'}, {'type': 'list_item', 'content': 'Using tcpdump or similar tools to capture HTTP requests to the server and filter for the vulnerable endpoint:\n`tcpdump -A -s 0 \'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)\' | grep "/res/url?url="`'}, {'type': 'list_item', 'content': 'Using curl or similar tools to test the endpoint manually by sending crafted requests with internal or loopback URLs to verify if the server fetches them.'}] [2, 3]


What immediate steps should I take to mitigate this vulnerability?

[{'type': 'paragraph', 'content': 'There are no known vendor patches or countermeasures available for this vulnerability as the vendor has not responded to the disclosure.'}, {'type': 'paragraph', 'content': 'Immediate mitigation steps include:'}, {'type': 'list_item', 'content': 'Restrict or block access to the vulnerable `/res/url` endpoint at the network or application firewall level to prevent exploitation.'}, {'type': 'list_item', 'content': "Implement network segmentation and firewall rules to limit the server's ability to make outbound requests to internal or sensitive network resources."}, {'type': 'list_item', 'content': 'Monitor and log all requests to the vulnerable endpoint to detect and respond to exploitation attempts.'}, {'type': 'list_item', 'content': 'Consider replacing the affected cskefu component or software version with an alternative product that is not vulnerable.'}] [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart