← voltar
CVE-2026-57947

Pinpoint - Server-Side Request Forgery via Alarm Webhook Registration

CVSS 6.3 MEDIUMEPSS 0.2%CWE-918
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to internal hosts and metadata endpoints, enabling unauthorized access to internal network resources.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:N
Produtos afetados
pinpoint-apm · pinpoint

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →