CVE-2026-50887 | THREATINT

Description

A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl.

PUBLISHED Reserved 2026-06-07 | Published 2026-06-15 | Updated 2026-06-16 | Assigner mitre

References

gist.github.com/pyuysig/9de95fb39eb089a4346570d791af99a6 exploit

gist.github.com/pyuysig/9de95fb39eb089a4346570d791af99a6

cve.org (CVE-2026-50887)

nvd.nist.gov (CVE-2026-50887)

Download JSON