MEDIUM
GNU wget
CVE published 2026-07-10
CVE-2026-15146
GNU Wget is affected by a vulnerability that allows for server-side request forgery (SSRF) attacks when operating in FTP passive mode. The vulnerability is caused by Wget not validating the IP address provided by an FTP PASV response. This allows a malicious FTP server or an HTTP server that redirects to an FTP URL to redirect Wget's data connection to an arbitrary IP address and port. The impact of this [truncated]