216.73.217.50

CVE-2024-13971

· Published 30/04/2026 13:16 · Modified 30/04/2026 15:48

Labels: CVE-2024-13971 2026-04-3023637b5d-af4c-4cf9-b8f6-deb7fd0f8423CVE-2024-13971CWE-611

Essential information

Published
30/04/2026 13:16
Modified
30/04/2026 15:48
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
23637b5d-af4c-4cf9-b8f6-deb7fd0f8423
NVD
View on NVD

Affected products (CPE)

ProductCPE
lobster / lobster pro cpe:2.3:a:lobster:lobster_pro:<4.12.6-GA:*:*:*:*:*:*:*

References