CVE-2026-36764
SSRF Vulnerability in SpringBlade v4.8.0 via Test Connection Endpoint
Publication date: 2026-04-30
Last updated on: 2026-04-30
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chillzhuang | springblade | up to 4.8.0 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2026-36764 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-36764 is a Server-Side Request Forgery (SSRF) vulnerability found in the /ureport/datasource/testConnection endpoint of SpringBlade version 4.8.0 and below.
This endpoint accepts user-controlled JDBC connection parameters such as driver, URL, username, and password without proper validation.
Because of this lack of input validation, an authenticated attacker can craft requests that cause the server to make unauthorized internal network requests, potentially scanning internal resources.
Additionally, this vulnerability can lead to arbitrary file reads and remote code execution on older MySQL connector versions due to exploitation of the MySQL protocol.
How can this vulnerability impact me?
This vulnerability can have several serious impacts:
- An attacker can scan internal network resources that are normally inaccessible from outside, potentially discovering sensitive internal services.
- It may allow arbitrary file reading on the server, exposing sensitive data stored on the system.
- On systems using older MySQL connectors, it could enable remote code execution, allowing attackers to run malicious code on the server.
- Overall, this can lead to data breaches, system compromise, and further exploitation within the affected environment.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability exists in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 and below, which accepts user-controlled JDBC connection parameters without validation.
To detect exploitation attempts or probe for this vulnerability, you can monitor HTTP requests targeting the /ureport/datasource/testConnection endpoint, especially those containing JDBC parameters such as driver, URL, username, and password.
Example command to detect such requests in web server logs (assuming Apache logs):
- `grep "/ureport/datasource/testConnection" /var/log/apache2/access.log`
To detect active exploitation attempts on the network, you can use tools like tcpdump or Wireshark to filter HTTP GET requests to the vulnerable endpoint. The capture filter below matches any TCP segment carrying a payload on port 80, whatever the method; `-l` line-buffers tcpdump's output so grep sees matches as they arrive, and TLS traffic on port 443 is not visible this way:
- `tcpdump -l -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep "/ureport/datasource/testConnection"`
Additionally, you can write custom scripts or use web application firewalls (WAF) to alert on requests containing suspicious JDBC parameters in the URL.
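The log-review approach above, carried a step further as an added example (not code from the CVE record or from SpringBlade): it parses access-log lines in the common "combined" format, keeps only requests to `/ureport/datasource/testConnection`, lists which JDBC parameters appear in the query string, and flags a `url` value whose host is outside an assumed allow-list of database hosts or that sets `allowLoadLocalInfile=true` (the MySQL Connector/J property behind LOAD DATA LOCAL). The log lines, client addresses and allowed hosts are constructed for the example.

```python
"""Scan access-log lines for requests to the SpringBlade ureport testConnection
endpoint and flag those carrying JDBC connection parameters.
Added example; the log lines and host allow-list below are constructed."""
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/ureport/datasource/testConnection"
JDBC_PARAMS = {"driver", "url", "username", "password"}
# Database hosts a report data source is legitimately allowed to reach (assumed policy).
ALLOWED_DB_HOSTS = {"db.internal.example", "10.0.0.5"}

# Apache/Nginx "combined" format: client ident user [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def jdbc_host(jdbc_url):
    """Return the host of a JDBC URL such as jdbc:mysql://host:3306/db, or None."""
    if not jdbc_url.lower().startswith("jdbc:"):
        return None
    try:
        # Drop "jdbc:" so the remainder parses as an ordinary scheme://host URL.
        return urlsplit(jdbc_url[5:]).hostname
    except ValueError:
        return None


def analyse_line(line):
    """Return a finding dict for a testConnection request, or None for other lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != ENDPOINT:
        return None
    query = parse_qs(parts.query)          # percent-decodes the JDBC URL value
    url = query.get("url", [""])[0]
    flags = []
    if url:
        if jdbc_host(url) not in ALLOWED_DB_HOSTS:
            flags.append("non_allowlisted_host")
        # allowLoadLocalInfile is the Connector/J switch for LOAD DATA LOCAL
        if re.search(r"allowLoadLocalInfile=true", url, re.IGNORECASE):
            flags.append("load_local_infile")
    return {
        "client": m.group("client"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "jdbc_params": sorted(JDBC_PARAMS & set(query)),
        "jdbc_host": jdbc_host(url) if url else None,
        "flags": flags,
    }


def scan(lines):
    """Findings for every testConnection request in the given log lines."""
    return [f for f in (analyse_line(ln) for ln in lines) if f is not None]


# Constructed sample log: one unrelated request, one test connection to an
# allowed host, one to a non-allowed internal host with LOAD DATA LOCAL enabled,
# and one POST whose parameters sit in the body and so never reach the log.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Apr/2026:10:01:12 +0000] "GET /api/blade-system/menu/routes HTTP/1.1" 200 512',
    '203.0.113.7 - - [30/Apr/2026:10:02:40 +0000] "GET /ureport/datasource/testConnection'
    '?driver=com.mysql.cj.jdbc.Driver&url=jdbc%3Amysql%3A%2F%2F10.0.0.5%3A3306%2Freports'
    '&username=report&password=x HTTP/1.1" 200 44',
    '198.51.100.23 - - [30/Apr/2026:10:03:05 +0000] "GET /ureport/datasource/testConnection'
    '?driver=com.mysql.cj.jdbc.Driver&url=jdbc%3Amysql%3A%2F%2F192.168.1.50%3A3306%2Fx'
    '%3FallowLoadLocalInfile%3Dtrue&username=a&password=b HTTP/1.1" 500 71',
    '198.51.100.23 - - [30/Apr/2026:10:03:09 +0000] "POST /ureport/datasource/testConnection HTTP/1.1" 200 44',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The last sample line is the caveat worth remembering: a standard access log records the request line only, so parameters sent in a POST body are invisible to this scan and have to be caught at the WAF or in application-level logging.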
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps for CVE-2026-36764 include:
- Disable the /ureport/datasource/testConnection endpoint if it is not required.
- Implement whitelisting of allowed JDBC drivers to prevent arbitrary driver usage.
- Sanitize and validate JDBC URL parameters to prevent malicious input.
- Restrict connection targets to prevent Server-Side Request Forgery (SSRF) attacks.
- Disable LOAD DATA LOCAL functionality in MySQL connectors to prevent arbitrary file read and remote code execution.
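The driver allow-list, URL validation, target restriction and LOAD DATA LOCAL steps above, combined into one check as an added example (this is not SpringBlade's own code, and the permitted drivers, hosts, ports and connector properties are an assumed deployment policy). The submitted driver class must be on the allow-list, the JDBC URL's sub-protocol must match that driver, host and port must be on the allow-list, only named connector properties may be set, and `allowLoadLocalInfile=false` (the real Connector/J property behind LOAD DATA LOCAL) is forced onto every connection. The function rebuilds the URL from validated parts rather than echoing user input.

```python
"""Allow-list validation of user-supplied JDBC data-source parameters.
Added example of the mitigation above; the policy tables are assumed."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Driver class -> JDBC sub-protocol it is expected to serve (assumed policy).
ALLOWED_DRIVERS = {
    "com.mysql.cj.jdbc.Driver": "mysql",
    "org.postgresql.Driver": "postgresql",
}
ALLOWED_PORTS = {"mysql": 3306, "postgresql": 5432}
# Only these database hosts may be reached by a report data source (assumed).
ALLOWED_HOSTS = {"db.internal.example", "10.0.0.5"}
# Connector properties a user may set; anything else is rejected outright.
ALLOWED_PROPERTIES = {"useSSL", "serverTimezone", "characterEncoding",
                      "connectTimeout", "socketTimeout"}
# Properties forced onto every connection: LOAD DATA LOCAL stays off.
FORCED_PROPERTIES = {"allowLoadLocalInfile": "false"}
DB_NAME_RE = re.compile(r"/?[A-Za-z0-9_]*")


class InvalidDataSource(ValueError):
    """Raised when the submitted driver/URL pair violates policy."""


def validate_jdbc(driver: str, url: str) -> str:
    """Check the pair against policy and return a canonical JDBC URL."""
    if driver not in ALLOWED_DRIVERS:
        raise InvalidDataSource(f"driver not allow-listed: {driver}")
    if not url.lower().startswith("jdbc:"):
        raise InvalidDataSource("not a JDBC URL")
    # Strip "jdbc:" so the rest parses as scheme://host:port/path?query.
    parts = urlsplit(url[5:])
    scheme = ALLOWED_DRIVERS[driver]
    if parts.scheme.lower() != scheme:
        raise InvalidDataSource(f"URL scheme {parts.scheme!r} does not match driver")
    try:
        host, port = parts.hostname, parts.port   # .port raises on a malformed port
    except ValueError as exc:
        raise InvalidDataSource("malformed host/port") from exc
    if parts.username or parts.password:
        raise InvalidDataSource("credentials belong in their own fields, not the URL")
    if host not in ALLOWED_HOSTS:
        raise InvalidDataSource(f"host not allow-listed: {host}")
    port = ALLOWED_PORTS[scheme] if port is None else port
    if port != ALLOWED_PORTS[scheme]:
        raise InvalidDataSource(f"port {port} not allowed for {scheme}")
    if not DB_NAME_RE.fullmatch(parts.path):
        raise InvalidDataSource(f"unexpected database path: {parts.path!r}")
    props = dict(parse_qsl(parts.query, keep_blank_values=True))
    rejected = sorted(k for k in props if k not in ALLOWED_PROPERTIES)
    if rejected:
        raise InvalidDataSource(f"connector properties not allowed: {rejected}")
    props.update(FORCED_PROPERTIES)
    # Rebuild from validated parts only; nothing from the raw input is echoed back.
    return f"jdbc:{scheme}://{host}:{port}{parts.path}?{urlencode(props)}"


def is_allowed(driver: str, url: str) -> bool:
    """Boolean form of validate_jdbc for callers that only need accept/reject."""
    try:
        validate_jdbc(driver, url)
        return True
    except InvalidDataSource:
        return False


if __name__ == "__main__":
    print(validate_jdbc("com.mysql.cj.jdbc.Driver",
                        "jdbc:mysql://10.0.0.5:3306/reports?useSSL=true"))
```

Allow-listing properties rather than deny-listing a few dangerous ones is the deliberate choice here: connector property names are case-insensitive in places and new ones appear across connector versions, so a deny-list of spellings is the weaker control.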