PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8725 CoreWorxLab CVE debrief

CVE-2026-8725 describes a server-side request forgery (SSRF) issue in CoreWorxLab CAAL up to and including 1.6.0. The affected code area is identified as src/caal/webhooks.py, in the test-hass endpoint. The source record says the issue is remotely exploitable and references a public proof-of-concept exploit, which raises operational risk even though the CVSS score is only medium (5.5).

Vendor: CoreWorxLab
Product: CAAL
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-17
Original CVE updated: 2026-05-18
Advisory published: 2026-05-17
Advisory updated: 2026-05-18

Who should care

Administrators and operators running CoreWorxLab CAAL 1.6.0 or earlier should review exposure immediately, especially if the test-hass endpoint or related webhook handling is reachable from untrusted networks. Security teams should also care if the host running CAAL can reach internal or otherwise sensitive destinations, since an SSRF turns that reachability into the attacker's reachability.

Technical summary

The source data maps this issue to CWE-918 (SSRF) and supplies the exploitability metrics of a CVSS v4 vector: network attack vector, low complexity, no attack requirements, no privileges and no user interaction (AV:N/AC:L/AT:N/PR:N/UI:N). The vulnerable function is not named in the source, but the affected area is identified as src/caal/webhooks.py within the test-hass endpoint. The feed marks exploit maturity as proof-of-concept and points to public references, so even with limited impact scoring, the exposure can be meaningful if the application can reach internal services or cloud metadata endpoints.
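To make the SSRF pattern concrete, here is an added example of a "test my Home Assistant" webhook handler in its naive and hardened forms. This is illustrative code written for this debrief, not CAAL's source: the advisory does not quote the handler in src/caal/webhooks.py, so the function names (naive_test_hass, hardened_test_hass, check_hass_target), the {"url": ...} payload shape, the fetch(url, pinned_ip) client and the constructed resolver table are all assumptions. The hardened version enforces a scheme allowlist, rejects credentials in the URL, resolves the host and refuses any answer that is not a public address (covering loopback, RFC 1918, link-local including 169.254.169.254, and IPv4-mapped IPv6), and pins the vetted IP so a second lookup cannot rebind it.

```python
"""Target validation for an SSRF-prone "test my Home Assistant" webhook endpoint.

Added illustration, not CAAL's code: the advisory does not quote the handler in
src/caal/webhooks.py, so naive_test_hass, hardened_test_hass, check_hass_target,
the {"url": ...} payload shape and the fetch(url, pinned_ip) client are assumptions.
"""
from __future__ import annotations

import ipaddress
import socket
from typing import Callable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _resolve(host: str) -> list[str]:
    """Default resolver: every A/AAAA answer the OS returns for host."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _fake_resolve(host: str) -> list[str]:
    """Constructed resolver for the offline demo (no real DNS is queried)."""
    table = {
        "hass.example.net": ["93.184.216.34"],                # public only
        "rebind.example.net": ["93.184.216.34", "10.0.0.5"],  # mixed answers
    }
    try:
        ipaddress.ip_address(host)
        return [host]  # literal address: resolves to itself
    except ValueError:
        pass
    if host in table:
        return table[host]
    raise socket.gaierror(f"constructed NXDOMAIN for {host}")


def _is_public(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    # is_global is False for RFC 1918, loopback, link-local (which includes the
    # 169.254.169.254 cloud metadata address), CGNAT, ULA, documentation ranges
    # and 0.0.0.0/8.
    return ip.is_global


def check_hass_target(url: str, resolve: Callable[[str], list[str]] = _resolve) -> tuple[bool, str]:
    """Return (ok, detail); on success detail is the vetted IP the client must pin."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = resolve(host)
    except socket.gaierror as exc:
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host has no addresses"
    # Every answer must be public; a single internal A record is enough to pivot.
    for addr in addrs:
        if not _is_public(addr):
            return False, f"{host} resolves to non-public address {addr}"
    # Pin the vetted address: the client connects to it instead of resolving
    # again, which closes the DNS-rebinding window between check and use.
    return True, addrs[0]


def naive_test_hass(payload: dict, fetch: Callable[[str, str | None], int]) -> dict:
    """SSRF-prone pattern: whatever URL the caller supplies is fetched as-is."""
    return {"status": 200, "upstream_status": fetch(payload["url"], None)}


def hardened_test_hass(payload: dict, fetch: Callable[[str, str | None], int],
                       resolve: Callable[[str], list[str]] = _resolve) -> dict:
    """Hardened handler: validate and pin before any outbound request.

    fetch(url, pinned_ip) is an assumed HTTP client that connects to pinned_ip,
    sends the Host header taken from url, and does not follow redirects (a 302
    to an internal address would otherwise reopen the hole).
    """
    ok, detail = check_hass_target(str(payload.get("url", "")), resolve)
    if not ok:
        return {"status": 400, "error": detail}
    return {"status": 200, "upstream_status": fetch(payload["url"], detail)}


if __name__ == "__main__":
    for url in ["http://hass.example.net:8123/api/", "http://169.254.169.254/latest/meta-data/",
                "http://rebind.example.net/", "file:///etc/passwd", "http://[::ffff:10.0.0.1]/"]:
        print(url, "->", check_hass_target(url, _fake_resolve))
```

Two design points matter more than the blocklist itself: every resolved address is checked, not just the first, because a mixed answer set is the classic way to slip an internal target past a one-address check; and the HTTP client must connect to the vetted IP and must not follow redirects, otherwise the validation can be undone after it has passed.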

Defensive priority

Elevated

Recommended defensive actions

  • Inventory all deployments of CoreWorxLab CAAL and determine whether version 1.6.0 or earlier is present.
  • Restrict or disable exposure of the test-hass endpoint and any related webhook routes to untrusted networks.
  • Apply a vendor fix or mitigation as soon as one is available; the supplied source does not provide a confirmed patched version.
  • Review outbound network controls so the application cannot reach sensitive internal ranges, metadata services, or other high-value targets.
  • Monitor webhook logs for test-hass requests whose target is loopback, link-local (including cloud metadata addresses), RFC 1918 or other internal ranges, and watch for unusual outbound connections from the CAAL host to such destinations; a single source probing several internal hosts through the endpoint is a pivot attempt, not a misconfiguration.
  • If the product must remain in service, place compensating controls around egress filtering, segmentation, and alerting.

Evidence notes

The source record from NVD lists CWE-918 and the exploitability metrics of a CVSS v4 vector, AV:N/AC:L/AT:N/PR:N/UI:N, with exploit maturity marked P (proof-of-concept), which supports an assessment of a remotely reachable SSRF with a public demonstration. The CVE description names CoreWorxLab CAAL up to 1.6.0 and says the issue affects src/caal/webhooks.py in the test-hass endpoint, but it does not identify the exact function. Vendor attribution in the supplied feed is low-confidence and flagged for review, so product ownership should be validated against local inventory before remediation planning.

Official resources

According to the supplied source description, the issue was disclosed after early vendor contact that received no response, and the source references include a public exploit-related discussion. The CVE published date used here is 2026-05-