
Description

Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) of ccyl13 Pentestify 1.0.0 and earlier allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and to have the fetched content returned inside the rendered PDF, via a crafted Host header, because the target URL is built from request.base_url without validation.
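In Starlette/FastAPI, request.base_url is assembled from the scheme and the client-supplied Host header, so a renderer pointed at f"{request.base_url}api/reports/{id}" fetches from whatever host the attacker names. The following is an added Python example, not Pentestify's code and not taken from the linked patch: it reproduces that pattern beside one hardened form that takes the fetch target from configuration and checks the Host header against an allowlist. The hostname pentestify.example, the internal base http://127.0.0.1:8000/ and the plain-dict stand-ins for framework request objects are assumptions so the example runs offline.

```python
"""Host-header driven SSRF: vulnerable URL construction beside a hardened form.

Added example, not Pentestify's code. Framework request objects are mimicked
with plain dicts so this runs without FastAPI installed.
"""
from urllib.parse import urlsplit

# Assumed deployment settings (hypothetical values, not from the advisory).
ALLOWED_HOSTS = {"pentestify.example"}      # public hostnames this app serves
INTERNAL_BASE = "http://127.0.0.1:8000/"    # where the renderer must fetch from


class UntrustedHostError(ValueError):
    """Raised when a request names a host the deployment does not serve."""


def base_url_from_headers(scheme: str, headers: dict) -> str:
    """Mimic request.base_url: scheme plus the raw Host header, trailing slash."""
    host = headers.get("host", "localhost")
    return f"{scheme}://{host}/"


def vulnerable_report_url(scheme: str, headers: dict, report_id) -> str:
    """The CWE-918 pattern: the fetch target is whatever Host the client sent."""
    return f"{base_url_from_headers(scheme, headers)}api/reports/{report_id}"


def hostname_of(netloc: str):
    """Hostname part of a Host header value: drops port, userinfo and IPv6 brackets."""
    return urlsplit(f"//{netloc}").hostname  # lower-cased, or None if empty


def assert_allowed_target(url: str, allowed_targets: set) -> str:
    """Final gate at the fetch boundary: only http(s) to an allow-listed hostname."""
    parts = urlsplit(url)
    if parts.scheme not in {"http", "https"}:
        raise UntrustedHostError(f"scheme {parts.scheme!r} not allowed")
    if parts.hostname not in allowed_targets:
        raise UntrustedHostError(f"target host {parts.hostname!r} not allowed")
    return url


def hardened_report_url(headers: dict, report_id, allowed_hosts=ALLOWED_HOSTS,
                        internal_base=INTERNAL_BASE) -> str:
    """Build the renderer's URL from configuration, never from the Host header."""
    # 1. Typed id: no path segments or query strings can ride in on {id}.
    if isinstance(report_id, bool) or not isinstance(report_id, int) or report_id < 0:
        raise ValueError("report id must be a non-negative integer")
    # 2. Reject requests for hosts this deployment does not serve (the same
    #    check Starlette's TrustedHostMiddleware applies app-wide).
    host = headers.get("host", "")
    if hostname_of(host) not in allowed_hosts:
        raise UntrustedHostError(f"Host header {host!r} is not an allowed host")
    # 3. The target comes from config; the Host header plays no part in it.
    url = f"{internal_base.rstrip('/')}/api/reports/{report_id}"
    # 4. Re-check at the boundary where the fetch would actually happen.
    return assert_allowed_target(url, {hostname_of(urlsplit(internal_base).netloc)})


if __name__ == "__main__":
    # Constructed requests: a normal client and one naming the cloud metadata address.
    normal = {"host": "pentestify.example"}
    attack = {"host": "169.254.169.254"}
    print(vulnerable_report_url("http", attack, 7))   # server would fetch from metadata IP
    print(hardened_report_url(normal, 7))              # built from INTERNAL_BASE instead
    try:
        hardened_report_url(attack, 7)
    except UntrustedHostError as exc:
        print("rejected:", exc)
```

Two caveats a practitioner should keep in mind: the Host allowlist belongs at the application edge (Starlette ships TrustedHostMiddleware for exactly that) rather than in one handler, and assert_allowed_target only covers the URL the handler hands to the renderer; if the PDF engine itself follows redirects or loads subresources from report content, the same hostname check has to be enforced on every fetch it makes.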

Status: PUBLISHED | Reserved 2026-06-24 | Published 2026-06-24 | Updated 2026-06-24 | Assigner: Secur0

MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-918 Server-Side request forgery (SSRF)

Product status

Default status
unaffected

Any version before 1.1.0
affected

Credits

Dario Rivas Quero, Secur0 security team (finder)

Cristian Fernandez Cornejo, Secur0 security team (finder)

Mario Alvarez Fernandez (remediation developer)

Xoan M. Otero Jorge (analyst)

Secur0 CNA (coordinator)

References

github.com/...ommit/a058a22b42c6311895622645265df79a60265b1d patch

cve.org (CVE-2026-13150)

nvd.nist.gov (CVE-2026-13150)
