Threats Tagged 'cve-2026-31974'
View all threats tagged with 'cve-2026-31974'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-31974'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-31974: CWE-918: Server-Side Request Forgery (SSRF) in opf openprojectCVE-2026-31974 0 CVE-2026-31974 is a Server-Side Request Forgery (SSRF) vulnerability in OpenProject versions prior to 17. 2. 0. It arises from the SMTP test endpoint and webhook functionality allowing attackers with access to specify arbitrary host and port values. This enables attackers to perform internal network reconnaissance by detecting reachable IP addresses and open ports based on response timing and error differences. The vulnerability requires authenticated access and does not directly impact data integrity or availability. It has a low CVSS score of 3. 0 due to its limited impact and exploitation complexity. No known exploits are currently reported in the wild. The issue is fixed in OpenProject version 17. Join the discussion | CVE Database V5 | 03/11/2026, 19:39:25 UTC Added: 03/11/2026, 19:59:52 UTC |
Showing 1 to 1 of 1 result