CVE-2026-59101

MEDIUM
5.8
CVSS 3.1
Description
AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST /api/v1/setup/test-downloader endpoint during the initial setup window, causing the server to issue HTTP GET requests to internal or reserved addresses and leak information through echoed connection-error messages.

Metadata

CVE ID: CVE-2026-59101
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-07-02 15:38 UTC
Published: 2026-07-02 19:43 UTC
Last updated: 2026-07-02 19:43 UTC
Primary CWE: CWE-918, Server-Side Request Forgery (SSRF)
Vendor / Product: EstrellaXD / Auto_Bangumi
Sources: cve.org  ·  NVD

Severity & Metrics

5.8 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products (1)
Vendor | Product | Platform | Versions
EstrellaXD | Auto_Bangumi |  | 0 < 3.2.8
Weakness (CWE)
CWE | Source | Description
CWE-918 | cna | Server-Side Request Forgery (SSRF)
CVSS scores (2)
Score | Severity | Version | Source | Vector
6.9 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.8 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N