MEDIUM
flowintel
CVE published 2026-05-28
CVE-2026-9813
FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality located in app/case/task.py. An attacker with the ability to submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specified destination. The vulnerability stems from insufficient validation of both the URL sche [truncated]