CVE-2026-45012
Status: Received
Authenticated SSRF in ApostropheCMS Rich-Text Widget

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: GitHub, Inc.

Description
ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An authenticated user who can submit or edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible responses, the fetched content can be persisted and re-hosted by Apostrophe, allowing response exfiltration. At the time of publication, no known patched versions are available.
Affected Vendors & Products
Vendor: apostrophecms
Product: apostrophe
Version range: up to and including 4.29.0
CWE
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Executive Summary

This vulnerability exists in ApostropheCMS, an open-source Node.js content management system, in versions up to and including 4.29.0. It is an authenticated server-side request forgery (SSRF) issue found in the rich-text widget import flow. An authenticated user who can submit or edit rich-text widget content can cause the server to fetch URLs controlled by an attacker during the widget validation process.

If the server receives an image-compatible response from the attacker-controlled URL, the fetched content can be stored and re-hosted by ApostropheCMS, which allows the attacker to exfiltrate data via the server.

As of the publication date, no patched versions are available to fix this vulnerability.

Impact Analysis

This vulnerability can impact you by allowing an authenticated user to make the server fetch arbitrary URLs controlled by an attacker. This can lead to unauthorized data exfiltration if the server stores and re-hosts the fetched content.

The impact includes potential confidentiality breaches (high confidentiality impact), integrity issues (low integrity impact), and availability concerns (low availability impact), as indicated by the CVSS score.
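The description above says the server fetches a user-supplied URL during widget validation and may persist the response. The usual mitigation for this class of bug (CWE-918) is to validate the outbound URL and every address its hostname resolves to before the fetcher follows it, refusing loopback, private, link-local and unspecified ranges. The following is an added illustration of such a guard; it is not ApostropheCMS code and does not reflect how Apostrophe's rich-text widget performs its fetch. Function names, the returned `{ ok, reason }` shape and the sample hostnames are assumptions made for this example. Hostname resolution is injected as a caller-supplied function so the check runs offline; in production the caller would pass a wrapper around `dns.promises.lookup(hostname, { all: true })`.

```javascript
// Added example (hypothetical, not ApostropheCMS code): an outbound-URL guard
// that a server-side fetcher calls before following a user-supplied URL.

// Parse a dotted-quad IPv4 string into four octets, or return null.
function parseIPv4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// True for addresses a CMS should never fetch from on a user's behalf:
// unspecified, loopback, RFC 1918 private, CGNAT (100.64/10), link-local
// (169.254/16, which also covers cloud metadata endpoints) and the IPv6
// equivalents. Strings that are not recognisable IP literals are treated as
// blocked so the check fails closed.
function isBlockedAddress(ip) {
  const v4 = parseIPv4(ip);
  if (v4) {
    const [a, b] = v4;
    return (
      a === 0 || a === 10 || a === 127 ||
      (a === 100 && b >= 64 && b <= 127) ||
      (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168)
    );
  }
  const v6 = ip.toLowerCase();
  if (!v6.includes(':')) return true;             // not an IP literal: fail closed
  if (v6 === '::' || v6 === '::1') return true;   // unspecified / loopback
  if (/^f[cd]/.test(v6)) return true;              // fc00::/7 unique local
  if (/^fe[89ab]/.test(v6)) return true;           // fe80::/10 link-local
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(v6); // IPv4-mapped
  if (mapped) return isBlockedAddress(mapped[1]);
  return false;
}

// Static checks on the URL string itself, before any DNS lookup.
function validateUrlSyntax(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return { ok: false, reason: 'unparsable' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme' };
  }
  if (url.username || url.password) return { ok: false, reason: 'credentials' };
  return { ok: true, url };
}

// Full decision given the addresses the hostname resolves to. If the host is
// an IP literal it is checked directly; otherwise every resolved address is
// checked, so an answer that mixes public and private addresses is refused.
function decide(urlString, addresses = []) {
  const syntax = validateUrlSyntax(urlString);
  if (!syntax.ok) return syntax;
  const host = syntax.url.hostname.replace(/^\[|\]$/g, ''); // strip [ ] around IPv6
  const isLiteral = parseIPv4(host) !== null || host.includes(':');
  const candidates = isLiteral ? [host] : addresses;
  if (candidates.length === 0) return { ok: false, reason: 'unresolved' };
  const bad = candidates.find(isBlockedAddress);
  if (bad) return { ok: false, reason: `blocked address ${bad}` };
  return { ok: true, url: syntax.url, addresses: candidates };
}

// Async convenience wrapper. resolveHost(hostname) must return a Promise of an
// array of IP strings (for example, a wrapper around dns.promises.lookup with
// { all: true }). Resolver failures are treated as "unresolved" and refused.
async function checkOutboundUrl(urlString, resolveHost) {
  const syntax = validateUrlSyntax(urlString);
  if (!syntax.ok) return syntax;
  let addresses = [];
  try {
    addresses = await resolveHost(syntax.url.hostname);
  } catch {
    addresses = [];
  }
  return decide(urlString, addresses);
}

// Constructed sample: an offline resolver standing in for DNS.
const sampleResolver = async (hostname) =>
  ({ 'example.test': ['203.0.113.10'], 'localhost': ['127.0.0.1'] })[hostname] || [];

if (typeof require !== 'undefined' && require.main === module) {
  checkOutboundUrl('http://example.test/logo.png', sampleResolver).then((r) => console.log(r.ok, r.reason));
  checkOutboundUrl('http://localhost/admin', sampleResolver).then((r) => console.log(r.ok, r.reason));
}
```

Two design points matter in practice. First, the fetcher must connect to the address that passed the check (for example by pinning it in the HTTP client) rather than resolving the hostname a second time, otherwise a DNS answer that changes between check and connect bypasses the guard. Second, redirects must not be followed automatically; each redirect target has to go back through `decide` before it is fetched, since an external host that passed the check can redirect to an internal one.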
