PatchSiren

garlic-signage CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH garlic-signage CVE published 2026-06-11

CVE-2026-47170

A vulnerability was discovered in Garlic-Hub, a digital signage network management system. Prior to version 1.1, authenticated users can exploit the uploadFromUrl endpoint to cause the server to issue arbitrary HTTP requests to internal services. This allows for internal port scanning, service fingerprinting, and retrieval of internal HTTP responses, which are stored in the publicly accessible media pool. [truncated]