CVE-2026-34576: CWE-918: Server-Side Request Forgery (SSRF) in gitroomhq postiz-app
CVE-2026-34576 is a Server-Side Request Forgery (SSRF) vulnerability in the gitroomhq postiz-app prior to version 2. 21. 3. The vulnerable endpoint POST /public/v1/upload-from-url accepts a user-supplied URL and fetches it server-side without proper SSRF protections, relying only on a weak file extension check that can be bypassed. An authenticated API user can exploit this to access internal network resources, cloud instance metadata, and other internal services. The issue has been patched in version 2. 21. 3.
AI Analysis
Technical Summary
The postiz-app before version 2.21.3 contains an SSRF vulnerability in the POST /public/v1/upload-from-url endpoint. This endpoint uses axios.get() to fetch URLs provided by authenticated users without sufficient validation, only checking for file extensions like .png or .jpg, which can be trivially bypassed. This allows attackers with API authentication to make the server perform unauthorized requests to internal or cloud metadata services, potentially exposing sensitive data. The vulnerability is tracked as CVE-2026-34576 with a CVSS 4.0 score of 8.3 (high severity). The vendor fixed the issue in version 2.21.3.
Potential Impact
An authenticated API user can exploit this SSRF vulnerability to access internal network resources and cloud instance metadata that are normally inaccessible externally. This can lead to unauthorized disclosure of sensitive internal information. The vulnerability does not require user interaction beyond authentication and has a high severity score of 8.3.
Mitigation Recommendations
Upgrade postiz-app to version 2.21.3 or later, where this SSRF vulnerability has been patched. No other mitigations are specified or required once the official fix is applied.
CVE-2026-34576: CWE-918: Server-Side Request Forgery (SSRF) in gitroomhq postiz-app
Description
CVE-2026-34576 is a Server-Side Request Forgery (SSRF) vulnerability in the gitroomhq postiz-app prior to version 2. 21. 3. The vulnerable endpoint POST /public/v1/upload-from-url accepts a user-supplied URL and fetches it server-side without proper SSRF protections, relying only on a weak file extension check that can be bypassed. An authenticated API user can exploit this to access internal network resources, cloud instance metadata, and other internal services. The issue has been patched in version 2. 21. 3.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The postiz-app before version 2.21.3 contains an SSRF vulnerability in the POST /public/v1/upload-from-url endpoint. This endpoint uses axios.get() to fetch URLs provided by authenticated users without sufficient validation, only checking for file extensions like .png or .jpg, which can be trivially bypassed. This allows attackers with API authentication to make the server perform unauthorized requests to internal or cloud metadata services, potentially exposing sensitive data. The vulnerability is tracked as CVE-2026-34576 with a CVSS 4.0 score of 8.3 (high severity). The vendor fixed the issue in version 2.21.3.
Potential Impact
An authenticated API user can exploit this SSRF vulnerability to access internal network resources and cloud instance metadata that are normally inaccessible externally. This can lead to unauthorized disclosure of sensitive internal information. The vulnerability does not require user interaction beyond authentication and has a high severity score of 8.3.
Mitigation Recommendations
Upgrade postiz-app to version 2.21.3 or later, where this SSRF vulnerability has been patched. No other mitigations are specified or required once the official fix is applied.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T16:56:30.998Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69cea98ae6bfc5ba1defd477
Added to database: 4/2/2026, 5:38:18 PM
Last enriched: 4/9/2026, 10:53:18 PM
Last updated: 5/20/2026, 8:50:01 PM
Views: 52
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.