Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 04 Jun 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:flowintel:flowintel:*:*:*:*:*:*:*:* | |
| Metrics |
cvssV3_1
|
Sat, 30 May 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Flowintel
Flowintel flowintel |
|
| Vendors & Products |
Flowintel
Flowintel flowintel |
Thu, 28 May 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 28 May 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specified destination. Due to insufficient validation of the URL scheme and resolved destination address, affected versions may allow requests to loopback, link-local, private, reserved, or other restricted network resources, potentially enabling interaction with internal services or cloud metadata endpoints from the server's network context. | |
| Title | FlowIntel external reference URL probe allows server-side request forgery | |
| Weaknesses | CWE-918 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: CIRCL
Published:
Updated: 2026-05-28T10:31:00.608Z
Reserved: 2026-05-28T09:25:37.499Z
Link: CVE-2026-9813
Updated: 2026-05-28T10:30:55.766Z
Status : Analyzed
Published: 2026-05-28T10:16:40.243
Modified: 2026-06-04T18:03:33.367
Link: CVE-2026-9813
No data.
OpenCVE Enrichment
Updated: 2026-05-30T21:19:15Z