PatchSiren

doramart CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM doramart CVE published 2026-02-10

CVE-2026-25870

CVE-2026-25870 is a server-side request forgery (SSRF) vulnerability in DoraCMS version 3.1 and prior. The vulnerability exists in the UEditor remote image fetch functionality, which accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. This allows an attacker to induce the server to issue outbound requests to arbitrary hosts, [truncated]