216.73.217.86

CVE-2026-4528

· Published 21/03/2026 22:16 · Modified 21/03/2026 22:16

Labels: CVE-2026-4528 2026-03-21CVE-2026-4528CWE-918[email protected]

Essential information

Published
21/03/2026 22:16
Modified
21/03/2026 22:16
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
trueleaf / apiflow cpe:2.3:a:trueleaf:apiflow:0.9.7:*:*:*:*:*:*:*

References