Summary
phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-JRFP-M64G-PCWV
Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects
- HIGHGHSA-R2WG-2MCR-66RV
Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
- HIGHGHSA-226F-F24G-524W
Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)
- MEDIUMGHSA-HMCR-RMJQ-47QR
NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint
- MEDIUMGHSA-H6VV-PCQ8-7XM4
NocoDB: Server-Side Request Forgery via Base Migration URL
- MEDIUMGHSA-GPRH-27J3-G5H4
NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL