CVE-2026-41177
Blind SSRF in Squidex Restore API Enables Local File Access

Publication date: 2026-04-22

Last updated on: 2026-04-23

Assigner: GitHub, Inc.

Description
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied `Url` parameter, allowing the use of the `file://` protocol. This allows an authenticated administrator to force the backend server to interact with the local filesystem, which can lead to Local File Interaction (LFI) and potential disclosure of sensitive system information through side-channel analysis of internal logs. Version 7.23.0 contains a fix.
Meta Information
Published: 2026-04-22
Last Modified: 2026-04-23
Generated: 2026-05-07
AI Q&A: 2026-04-23
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: squidex
Product: squidex
Version / Range: all versions before 7.23.0 (7.23.0 itself excluded)
CWE
CWE-73: The product allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Squidex to version 7.23.0 or later, as this version contains a fix that properly validates the URI scheme of the user-supplied Url parameter, preventing the use of the file:// protocol.

Additionally, restrict administrative access to trusted users only, since exploitation requires authenticated administrator privileges.
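The fix described above comes down to allowlisting the URI scheme of the Url parameter before the server opens anything. The following validator is an added illustration written for this page, not Squidex's own code; it assumes that only http and https are legitimate backup sources and that the endpoint name and sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: a restore endpoint should only ever fetch
# a backup over HTTP(S). Everything else, file:// included, is rejected.
ALLOWED_SCHEMES = {"http", "https"}


def validate_restore_url(url: str) -> str:
    """Return the URL unchanged if its scheme is allowlisted.

    Raises ValueError otherwise. This is the kind of check the CVE text
    says was missing: the scheme of the user-supplied Url was never
    validated, so file:// reached the code that opened the resource.
    """
    parts = urlsplit(url.strip())
    # urlsplit already lowercases the scheme, so FILE:// and file:// match.
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"disallowed URL scheme: {scheme or '<none>'}")
    # A scheme-relative or host-less URL is not a remote backup either.
    if not parts.netloc:
        raise ValueError("URL has no host component")
    return url


def is_safe_restore_url(url: str) -> bool:
    """Boolean wrapper so callers can log-and-reject without exceptions."""
    try:
        validate_restore_url(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not values from the advisory.
    samples = [
        "https://backups.example.org/site.zip",   # accepted
        "file:///tmp/backup.zip",                  # rejected: file scheme
        "FILE:///tmp/backup.zip",                  # rejected: case does not help
        "ftp://backups.example.org/site.zip",      # rejected: not http(s)
        "/tmp/backup.zip",                         # rejected: no scheme, no host
    ]
    for candidate in samples:
        print(f"{candidate!r:45} -> {'ok' if is_safe_restore_url(candidate) else 'rejected'}")
```

Scheme allowlisting is the control this advisory describes; it does not by itself stop an http(s) URL from pointing at internal hosts, which is a separate host-level restriction to consider.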


Can you explain this vulnerability to me?

This vulnerability affects the Squidex Restore API prior to version 7.23.0. It is a Blind Server-Side Request Forgery (SSRF) issue where the application does not properly validate the URI scheme of the user-supplied `Url` parameter. Specifically, it allows the use of the `file://` protocol, which means an authenticated administrator can make the backend server interact with its local filesystem.

This interaction can lead to Local File Interaction (LFI), potentially exposing sensitive system information through side-channel analysis of internal logs.


How can this vulnerability impact me?

The vulnerability allows an authenticated administrator to exploit the Restore API to access local files on the backend server. This can lead to the disclosure of sensitive system information, which might be used to further compromise the system or gain unauthorized insights into its configuration.

While the impact on integrity and availability is limited, the confidentiality of sensitive data is at high risk due to this vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows an authenticated administrator to exploit Blind Server-Side Request Forgery (SSRF) to interact with the local filesystem, potentially leading to disclosure of sensitive system information.

Such unauthorized disclosure of sensitive information could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access or disclosure.

However, the provided information does not explicitly describe the direct effects on compliance with these regulations.

