CVE-2026-41171
SSRF Vulnerability in Squidex Scripting Engine Enables Internal Access
Publication date: 2026-04-22
Last updated on: 2026-04-23
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| squidex | squidex | to 7.23.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) issue in Squidex, an open source headless content management system. Versions before 7.23.0 lack proper SSRF protection on the Jint HTTP client used by scripting engine functions like getJSON and request.
An authenticated user with low privileges, such as someone with schema editing permissions, can exploit this flaw to make the server send arbitrary outbound HTTP requests. These requests can target attacker-controlled or internal endpoints.
This can allow the attacker to access internal services and cloud metadata endpoints, potentially exposing credentials and enabling lateral movement within the network.
The issue is fixed in version 7.23.0 of Squidex.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized access to internal services and cloud metadata endpoints.
An attacker exploiting this SSRF flaw can potentially obtain sensitive credentials from cloud metadata services, which can lead to further compromise of the system.
It also enables lateral movement within the network, increasing the risk of broader system compromise.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Squidex to version 7.23.0 or later, which contains the fix for the SSRF issue.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an authenticated user with low privileges to make arbitrary outbound HTTP requests from the server, potentially accessing internal services and cloud metadata endpoints. This can lead to credential exposure and lateral movement within the environment.
Such unauthorized access and potential data exposure could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.
However, the provided information does not explicitly describe the direct effects on compliance with these standards.