Threats Tagged 'cve-2026-32301'
View all threats tagged with 'cve-2026-32301'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-32301'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-32301: CWE-918: Server-Side Request Forgery (SSRF) in centrifugal centrifugoCVE-2026-32301 0 CVE-2026-32301 is a critical Server-Side Request Forgery (SSRF) vulnerability in Centrifugo versions prior to 6.7.0. It arises when Centrifugo is configured with a dynamic JWKS endpoint URL that uses template variables such as {{tenant}}. An unauthenticated attacker can craft a malicious JWT with manipulated iss or aud claims, which are interpolated into the JWKS fetch URL before signature verification. This causes Centrifugo to make outbound HTTP requests to attacker-controlled destinations, potentially exposing internal network resources or enabling further attacks. The vulnerability has a CVSS score of 9.3, indicating high severity with critical impact on confidentiality. No known exploits are currently reported in the wild. The issue is fixed in version 6. Join the discussion | CVE Database V5 | 03/12/2026, 21:19:03 UTC Added: 03/12/2026, 21:44:47 UTC |
Showing 1 to 1 of 1 result