CVE-2026-46556

Summary

FlaskBB: SSRF in get_image_info() via unrestricted avatar URL

Severity

medium

Also known as

GHSA-xq32-9g7q-7297

Published

2026-05-21

References

• https://github.com/flaskbb/flaskbb/security/advisories/GHSA-xq32-9g7q-7297
• https://github.com/flaskbb/flaskbb

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity