ZenTao Webhook model.php fetchHook server-side request forgery_CVE-2026-1884

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-1884

Source VulDB

Published Feb 4, 2026 at 21:32

Affected Product

Vendor n/a

Product ZenTao

Version 21.7.6-85642

Affected Versions n/a ZenTao 21.7.6-85642

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-02-04T21:32:08.978Z",
    "modified": "2026-02-04T21:32:08.978Z",
    "type": "cve",
    "title": "ZenTao Webhook model.php fetchHook server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344264\nhttps://vuldb.com/?ctiid.344264\nhttps://vuldb.com/?submit.742633\nhttps://github.com/ez-lbz/ez-lbz.github.io/issues/9\nhttps://github.com/ez-lbz/ez-lbz.github.io/issues/9#issue-3832844574",
    "id": "CVE-2026-1884",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "n/a ZenTao 21.7.6-85642",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ZenTao",
    "version": "21.7.6-85642",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}