CVE-2026-41170 - Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests
CVE ID :CVE-2026-41170 Published : April 22, 2026, 9:13 p.m. | 27 minutes ago Description :Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `RestoreController.PostRestoreJob` endpoint allows an administrator to supply an arbi
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] I passed the technical Interview and am on the last one with a VP but I still don't feel ready / imposter.
- [CYBER] Commentary: Why emerging markets are dismissing bad Iran news
- [CYBER] CVE-2026-41168 - pypdf has possible long runtimes for wrong size values in cross-reference and object streams
- [CYBER] CVE-2026-41167 - Jellystat has SQL Injection that leads to to Remote Code Execution
- [CYBER] CVE-2026-41166 - OpenRemote has Improper Access Control via updateUserRealmRoles function
- [CYBER] CVE-2026-41134 - Kiota: Code Generation Literal Injection