CVE-2026-3270 is a server-side request forgery vulnerability affecting PSI Probe, an open-source monitoring tool for Apache Tomcat servers, specifically versions 5.0 through 5.3.0. The vulnerability resides in the Whois component's lookup function, located in psi-probe-core/src/main/java/psiprobe/tools/Whois.java. SSRF occurs when the application accepts user-controlled input to perform network requests without proper validation or sanitization, allowing attackers to coerce the server into making arbitrary HTTP requests. This can lead to unauthorized internal network scanning, access to sensitive internal resources, or interaction with external malicious endpoints. The vulnerability can be triggered remotely without user interaction but requires low-level privileges on the system, which may be achievable through other means or misconfigurations. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required (PR:L means low privileges), no user interaction, and low impact on confidentiality, integrity, and availability. The vendor has not responded to the vulnerability disclosure, and no patches have been released, increasing the risk for organizations relying on PSI Probe. While no active exploitation has been reported, the public disclosure of the exploit details raises the likelihood of future attacks. PSI Probe is widely used in environments monitoring Tomcat servers, making this vulnerability relevant for many enterprise and cloud deployments.

The SSRF vulnerability allows attackers to make the PSI Probe server send crafted requests to internal or external systems, potentially bypassing firewall restrictions and accessing sensitive internal services that are not directly exposed. This can lead to information disclosure, internal network reconnaissance, and possibly pivoting to further attacks within the network. Although the impact on confidentiality, integrity, and availability is rated low to medium, the ability to abuse internal trust boundaries can facilitate more severe attacks, especially in complex enterprise environments. Organizations using PSI Probe in critical infrastructure or cloud environments may face increased risk of lateral movement or data leakage. The lack of vendor response and patches increases exposure time, elevating the threat level. The medium CVSS score reflects moderate risk but should not be underestimated given the potential for chained exploits.

Organizations should immediately audit their PSI Probe installations and restrict access to the Whois lookup functionality, ideally limiting it to trusted administrators only. Network segmentation should be enforced to prevent PSI Probe servers from initiating arbitrary outbound requests to sensitive internal systems. Employ web application firewalls (WAFs) or network-level controls to detect and block suspicious SSRF patterns targeting PSI Probe endpoints. If possible, disable or remove the Whois component until a patch is available. Monitor logs for unusual outbound requests originating from PSI Probe servers. Consider deploying runtime application self-protection (RASP) solutions to detect SSRF attempts in real-time. Since no official patch exists, organizations should follow vendor communications closely and apply updates promptly once available. Additionally, implement strict input validation and sanitization on any user-controlled inputs related to network requests within PSI Probe or custom integrations.