CVE-2026-3750: Server-Side Request Forgery in ContiNew Admin
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side request forgery. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-3750 is a server-side request forgery (SSRF) vulnerability affecting ContiNew Admin versions 4.0, 4.1, and 4.2.0. The flaw resides in the URI.create function within the Storage Management Module, specifically in the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java. This code improperly handles input that an attacker can manipulate to forge server-side requests. SSRF vulnerabilities allow attackers to make the server perform unintended requests to internal or external systems, potentially bypassing firewalls and reaching sensitive internal resources. The vulnerability can be exploited remotely without user interaction but requires the attacker to hold high privileges on the system, which limits the attack surface somewhat. The vendor was notified early but has not issued any patches or advisories, and the exploit details have been publicly disclosed, increasing the risk of exploitation. The CVSS 4.0 vector indicates a network attack vector, low attack complexity, no user interaction, and low impact on confidentiality, integrity, and availability; its PR:H component indicates that high privileges are required, consistent with the privilege requirement noted above. No known exploits in the wild have been reported yet. The absence of patches means organizations must rely on compensating controls to mitigate risk.
Potential Impact
If successfully exploited, this SSRF vulnerability could allow attackers to coerce the ContiNew Admin server to send crafted requests to internal systems, potentially exposing sensitive information or enabling further attacks such as internal network reconnaissance, access to metadata services, or exploitation of other internal vulnerabilities. Although the impact on confidentiality, integrity, and availability is rated low individually, the SSRF can serve as a pivot point for more severe attacks within a compromised environment. The requirement for high privileges to exploit reduces the likelihood of remote exploitation by low-privileged attackers but does not eliminate risk from insider threats or attackers who have already gained elevated access. The lack of vendor response and patches increases the window of exposure. Organizations relying on ContiNew Admin for storage management may face disruptions or data breaches if attackers leverage this vulnerability.
Mitigation Recommendations
Since no official patches are available, organizations should implement network-level restrictions to limit the ContiNew Admin server's ability to make arbitrary outbound requests, especially to internal IP ranges and sensitive services. Employ strict egress filtering and firewall rules to block unauthorized internal and external connections initiated by the server. Monitor logs for unusual outbound requests originating from ContiNew Admin components. Restrict access to ContiNew Admin interfaces to trusted administrators only and enforce the principle of least privilege to reduce the risk of high-privilege account compromise. Consider deploying web application firewalls (WAFs) with custom rules to detect and block SSRF attack patterns targeting the URI.create function. Additionally, conduct internal audits to identify any signs of exploitation and prepare incident response plans. Organizations should track vendor communications for any forthcoming patches and apply them promptly once available.
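As an added illustration of the endpoint restriction recommended above (example code written for this page, not ContiNew Admin's own code or a vendor patch): a hypothetical EndpointValidator class that an application could run over an administrator-supplied storage endpoint before building an S3 client from it. It rejects non-HTTP schemes, user-info prefixes, and any host that resolves to a loopback, unspecified, link-local, site-local (RFC 1918), multicast, or IPv6 unique-local address. The class name, method names, and sample endpoints are all constructed for this example; the samples use IP literals so the check runs without DNS.

```java
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Set;

/**
 * Hypothetical endpoint validator (not ContiNew Admin code): applied to an
 * administrator-supplied storage endpoint before any HTTP/S3 client is built
 * from it, so the server only ever connects to hosts outside its own network.
 */
public final class EndpointValidator {

    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    private EndpointValidator() {}

    /** Returns true only if the endpoint is acceptable for an outbound request. */
    public static boolean isAllowed(String endpoint) {
        URI uri;
        try {
            uri = new URI(endpoint);
        } catch (URISyntaxException e) {
            return false; // unparsable input is rejected rather than guessed at
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase())) {
            return false; // no scheme, no host, or a non-HTTP scheme
        }
        if (uri.getUserInfo() != null) {
            return false; // "user@host" prefixes are a common way to confuse host parsing
        }
        try {
            // Check every address the host resolves to, not just the first one.
            for (InetAddress addr : InetAddress.getAllByName(host)) {
                if (isInternal(addr)) {
                    return false;
                }
            }
        } catch (UnknownHostException e) {
            return false;
        }
        return true;
    }

    /** True for addresses that point inside the server's own network or host. */
    private static boolean isInternal(InetAddress addr) {
        if (addr.isLoopbackAddress() || addr.isAnyLocalAddress()
                || addr.isLinkLocalAddress() || addr.isSiteLocalAddress()
                || addr.isMulticastAddress()) {
            return true;
        }
        // IPv6 unique-local (fc00::/7) is not covered by isSiteLocalAddress().
        if (addr instanceof Inet6Address) {
            return (addr.getAddress()[0] & 0xfe) == 0xfc;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample endpoints; 203.0.113.0/24 is a documentation range.
        String[] samples = {
            "https://203.0.113.10",          // allowed: public literal, https
            "http://127.0.0.1:9000",         // rejected: loopback
            "http://169.254.169.254/latest", // rejected: link-local
            "http://[::1]:9000",             // rejected: IPv6 loopback
            "http://[fd00::1]",              // rejected: IPv6 unique-local
            "ftp://203.0.113.10",            // rejected: scheme not allowed
            "http://user@203.0.113.10",      // rejected: user-info present
        };
        for (String s : samples) {
            System.out.println(s + " -> " + (isAllowed(s) ? "allowed" : "rejected"));
        }
    }
}
```

Compile and run with `javac EndpointValidator.java && java EndpointValidator`. The check has known limits: `isSiteLocalAddress()` does not cover every reserved range (100.64.0.0/10, for instance), a hostname can resolve differently at validation time than at connection time, and a permitted host can redirect elsewhere. It therefore complements, rather than replaces, the egress filtering and firewall rules the recommendations call for.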
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, India, Australia, Canada, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-03-07T20:25:59.931Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69ada5d72904315ca3c7b465
Added to database: 3/8/2026, 4:37:43 PM
Last enriched: 3/8/2026, 4:52:09 PM
Last updated: 3/12/2026, 8:24:50 PM