The CVE-2026-28036 vulnerability in SkatDesign Ratatouille (<= 1.2.6) is a Server-Side Request Forgery (SSRF) issue. SSRF vulnerabilities enable attackers to make the server perform unintended HTTP requests, which can lead to information disclosure or manipulation of internal resources. The CVSS vector indicates the attack can be performed remotely over the network with low complexity and requires low privileges, without user interaction. The impact affects confidentiality and integrity but not availability. No patch or official remediation details are currently available.

An attacker with low privileges can exploit this SSRF vulnerability to cause the server to make unauthorized requests, potentially exposing sensitive information or affecting data integrity. There is no indication of availability impact or active exploitation in the wild. The medium severity reflects the moderate risk posed by this vulnerability given its potential to leak or manipulate data.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or workaround has been provided, users should monitor vendor communications for updates. Until a fix is available, restricting network access and limiting the privileges of the Ratatouille application may reduce risk.