PatchSiren cyber security CVE debrief
CVE-2026-47170 garlic-signage CVE debrief
A vulnerability was discovered in Garlic-Hub, a digital signage network management system. Prior to version 1.1, authenticated users can exploit the uploadFromUrl endpoint to cause the server to issue arbitrary HTTP requests to internal services. This allows for internal port scanning, service fingerprinting, and retrieval of internal HTTP responses, which are stored in the publicly accessible media pool. The issue has been patched in version 1.1.
- Vendor: garlic-signage
- Product: garlic-hub
- CVSS: HIGH 7.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Administrators and users of Garlic-Hub digital signage networks should be aware of this vulnerability and ensure they are running version 1.1 or later to prevent exploitation.
Technical summary
The vulnerability stems from the uploadFromUrl endpoint failing to properly validate and sanitize the user input it acts on. An authenticated user can send a crafted request to the endpoint, and the server then issues an arbitrary HTTP request to an internal service on the user's behalf. This enables internal port scanning, service fingerprinting, and retrieval of internal HTTP responses, which end up in the publicly accessible media pool.
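As an added illustration of the kind of check that closes this class of flaw (a server fetching a user-supplied URL without vetting the destination), the following Python is example code written for this debrief, not Garlic-Hub's own code or its patch; the hostnames and addresses in the test table are constructed, and the `resolver` parameter exists so the check can be exercised without live DNS.

```python
# Illustrative example (not Garlic-Hub's own code): vet a user-supplied URL before a
# server-side fetch so it cannot be pointed at loopback, private or link-local hosts.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host):
    """Resolve host to a list of IP address strings (IPv4 and IPv6)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_address(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 (::ffff:10.0.0.1) by the embedded IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_upload_url(url, resolver=default_resolver):
    """Return (ok, reason); ok is True only if every resolved address is public."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname  # lower-cased; brackets stripped from IPv6 literals
    if not host:
        return False, "missing host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal: no DNS needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"DNS resolution failed: {exc}"
    if not addrs:
        return False, "host resolved to no addresses"
    bad = [a for a in addrs if not is_public_address(a)]
    if bad:
        return False, f"host resolves to non-public address(es): {bad}"
    # Caveat: a resolver that answers differently on a second lookup (DNS rebinding)
    # can still defeat this check; connect to the vetted address, not the hostname,
    # and re-apply the check to every redirect target the fetch follows.
    return True, "ok"
```

The check must also be applied after each redirect, since a public host can answer with a 3xx to an internal address.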
Defensive priority
HIGH
Recommended defensive actions
- Update Garlic-Hub to version 1.1 or later
- Restrict access to the uploadFromUrl endpoint to only trusted users
- Monitor internal services for unusual activity
Evidence notes
The vulnerability was patched in version 1.1 of Garlic-Hub. References to the patch and advisory can be found at [ref-4](https://github.com/garlic-signage/garlic-hub/commit/076b6d70a43d9641c35cbd8042353b473e3241f5) and [ref-5](https://github.com/garlic-signage/garlic-hub/security/advisories/GHSA-x24v-76hr-989r).
Official resources
CVE-2026-47170 was published on 2026-06-11T19:16:44.890Z and modified on 2026-06-11T20:58:18.123Z.