CVE-2026-39087
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Vulnerability report for CVE-2026-39087, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-23
Last updated on: 2026-07-04
Assigner: MITRE
Description
Description
ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-777 | The product uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through. |