CVE-2026-39087

Description

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression.

PUBLISHED Reserved 2026-04-06 | Published 2026-04-23 | Updated 2026-05-04 | Assigner mitre

References

ntfy.com

ntfysh.com

gist.github.com/MightyNawaf/5d41d6e8ead16e217f86b016002ecae5

github.com/binwiederhier/ntfy/releases/tag/v2.22.0

cve.org (CVE-2026-39087)

nvd.nist.gov (CVE-2026-39087)

Download JSON