Skip to content
cyberMEDIUM2026-05-08 22:26 UTC

CVE-2026-42346 - Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validation paths

CVE ID :CVE-2026-42346 Published : May 8, 2026, 10:26 p.m. | 37 minutes ago Description :Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulnerabilit

ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

Editorial policy · Report a correction