MEDIUM
CoreWorxLab
CVE published 2026-05-17
CVE-2026-8725
CVE-2026-8725 describes a server-side request forgery (SSRF) issue in CoreWorxLab CAAL up to 1.6.0, with the affected code area identified as src/caal/webhooks.py in the test-hass endpoint. The source record says remote exploitation is possible and references a public exploit, which raises operational risk even though the CVSS score is only medium.