CVE-2026-25428 is a Server-Side Request Forgery (SSRF) vulnerability identified in totalsoft's TS Poll product, specifically affecting versions up to and including 2.5.5. SSRF vulnerabilities occur when an attacker can manipulate a server to send crafted requests to unintended locations, often internal network services or external systems that the attacker cannot directly access. In this case, the vulnerability allows an attacker to exploit the poll-wp component of TS Poll to induce the server to make arbitrary HTTP requests. This can lead to unauthorized access to internal resources, bypassing firewall rules or network segmentation, potentially exposing sensitive data or enabling further exploitation such as scanning internal networks or accessing metadata services in cloud environments. The vulnerability was published on February 19, 2026, but no CVSS score or patches are currently available, and no active exploits have been reported. The lack of a CVSS score means severity must be assessed based on the nature of SSRF, which is typically high risk due to the ability to pivot inside networks. The vulnerability affects all TS Poll versions up to 2.5.5, with no specific affected versions detailed beyond that. The absence of known exploits suggests it may not yet be widely targeted, but the risk remains significant. The vulnerability's impact depends on the deployment context, network architecture, and whether the server has access to sensitive internal services. Attackers could leverage this flaw to access internal APIs, cloud metadata endpoints, or other protected resources, potentially leading to data leakage, privilege escalation, or further compromise.

For European organizations, the SSRF vulnerability in TS Poll could lead to significant confidentiality and integrity risks. If exploited, attackers might access internal systems that are otherwise protected by network segmentation or firewalls, exposing sensitive corporate data or internal APIs. This could facilitate lateral movement within the network, enabling attackers to escalate privileges or deploy additional malware. Organizations in sectors such as finance, healthcare, government, and critical infrastructure are particularly at risk due to the sensitivity of their internal systems. The availability impact is generally lower for SSRF but could occur if the attacker uses the vulnerability to disrupt internal services. Given the widespread use of totalsoft products in some European markets, the vulnerability could affect a broad range of organizations, especially those using TS Poll for internal polling or survey management. The lack of known exploits reduces immediate risk but does not eliminate the threat, as attackers often develop exploits after public disclosure. The vulnerability could also be leveraged in targeted attacks against high-value European entities, especially where TS Poll is integrated with other critical systems.

European organizations should implement several specific mitigations to reduce the risk from CVE-2026-25428. First, monitor and restrict outbound HTTP requests from TS Poll servers to only trusted destinations using network-level controls such as firewalls or proxy whitelisting. Implement strict input validation and sanitization on any user-supplied URLs or parameters that could trigger server requests. Employ web application firewalls (WAFs) with rules designed to detect and block SSRF attack patterns. Conduct thorough network segmentation to limit the TS Poll server's access to sensitive internal resources. Regularly audit and monitor logs for unusual server request activity indicative of SSRF exploitation attempts. Engage with totalsoft to obtain patches or updates as soon as they become available and prioritize timely deployment. If patching is delayed, consider temporary disabling or isolating vulnerable TS Poll components. Additionally, educate security teams about SSRF risks and detection techniques to improve incident response readiness.