Home

Description

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2026-03-26 | Published 2026-03-27 | Updated 2026-03-27 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Server-Side Request Forgery

Product status

e4a7f52e75093ee318b4d5a9a9db6751050d2ad0
affected

Timeline

2026-03-26:Advisory disclosed
2026-03-26:VulDB entry created
2026-03-26:VulDB entry last update

Credits

lakshay12311 (VulDB User) reporter

VulDB coordinator

References

vuldb.com/?id.353658 (VDB-353658 | Page-Replica Page Replica Endpoint sitemap sitemap.fetch server-side request forgery) vdb-entry technical-description

vuldb.com/?ctiid.353658 (VDB-353658 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.777447 (Submit #777447 | Page Replica 1.0 Server-Side Request Forgery) third-party-advisory

github.com/...yverma/CVE-Discovery/blob/main/page_replica.md exploit

cve.org (CVE-2026-4907)

nvd.nist.gov (CVE-2026-4907)

Download JSON