MEDIUM
mosparo
CVE published 2026-05-12
CVE-2026-41195
CVE-2026-41195 describes a stored server-side request forgery (SSRF) issue in mosparo’s automatic rule package source URL feature. Before 1.4.13, a project member with the editor role could save an attacker-controlled URL, and the server would later fetch it. Because redirects were followed and private or loopback destinations were not restricted, the feature could be used as an internal HTTP probing orac [truncated]