CVE-2026-35037: CWE-918: Server-Side Request Forgery (SSRF) in lin-snow Ech0
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the website_url query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network services, cloud metadata endpoints (169.254.169.254), and localhost-bound services, with partial response data exfiltrated via the HTML <title> tag extraction This vulnerability is fixed in 4.2.8.
AI Analysis
Technical Summary
CVE-2026-35037 is a high-severity SSRF vulnerability (CWE-918) in the Ech0 open-source publishing platform before version 4.2.8. The vulnerability exists because the GET /api/website/title endpoint accepts an arbitrary URL parameter and performs a server-side HTTP request without validating the destination. This allows unauthenticated attackers to send requests to internal or cloud metadata endpoints, potentially exposing sensitive information. The vulnerability is addressed in Ech0 version 4.2.8.
Potential Impact
An attacker can exploit this SSRF vulnerability to access internal network resources, cloud metadata services (such as 169.254.169.254), and localhost services that are normally inaccessible externally. This can lead to partial data leakage via the HTML <title> tag extraction mechanism. The vulnerability does not allow direct denial of service or full data exfiltration but can disclose sensitive internal information, which may facilitate further attacks.
Mitigation Recommendations
Upgrade Ech0 to version 4.2.8 or later, where this SSRF vulnerability is fixed. Since the vulnerability is resolved in the updated version, no additional mitigation steps are required beyond applying the official patch. Patch status is confirmed by the vendor advisory stating the fix is included in version 4.2.8.
CVE-2026-35037: CWE-918: Server-Side Request Forgery (SSRF) in lin-snow Ech0
Description
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the website_url query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network services, cloud metadata endpoints (169.254.169.254), and localhost-bound services, with partial response data exfiltrated via the HTML <title> tag extraction This vulnerability is fixed in 4.2.8.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-35037 is a high-severity SSRF vulnerability (CWE-918) in the Ech0 open-source publishing platform before version 4.2.8. The vulnerability exists because the GET /api/website/title endpoint accepts an arbitrary URL parameter and performs a server-side HTTP request without validating the destination. This allows unauthenticated attackers to send requests to internal or cloud metadata endpoints, potentially exposing sensitive information. The vulnerability is addressed in Ech0 version 4.2.8.
Potential Impact
An attacker can exploit this SSRF vulnerability to access internal network resources, cloud metadata services (such as 169.254.169.254), and localhost services that are normally inaccessible externally. This can lead to partial data leakage via the HTML <title> tag extraction mechanism. The vulnerability does not allow direct denial of service or full data exfiltration but can disclose sensitive internal information, which may facilitate further attacks.
Mitigation Recommendations
Upgrade Ech0 to version 4.2.8 or later, where this SSRF vulnerability is fixed. Since the vulnerability is resolved in the updated version, no additional mitigation steps are required beyond applying the official patch. Patch status is confirmed by the vendor advisory stating the fix is included in version 4.2.8.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-31T21:06:06.428Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d3ea320a160ebd92c9fd8a
Added to database: 4/6/2026, 5:15:30 PM
Last enriched: 4/6/2026, 5:30:52 PM
Last updated: 4/7/2026, 5:44:12 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.