Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

Basic Information

ID CVE-2026-10068

Source VulDB

Published May 29, 2026 at 15:45

Affected Product

Vendor Shibby

Product Tomato

Version 1.28

Affected Versions Shibby Tomato 1.28

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2026-05-29T15:45:10.793Z",
    "modified": "2026-05-29T15:45:10.793Z",
    "type": "cve",
    "title": "Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367154\nhttps://vuldb.com/vuln/367154/cti\nhttps://vuldb.com/submit/818237\nhttps://gitee.com/Fengyi-Wang/CVE/issues/IJD8SS",
    "id": "CVE-2026-10068",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "Shibby Tomato 1.28",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tomato",
    "version": "1.28",
    "vendor": "Shibby",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery_CVE-2026-10068