perfree go-fastdfs-web Installation Endpoint checkServer server-side request forgery_CVE-2026-11437

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-11437

Source VulDB

Published Jun 6, 2026 at 16:30

Affected Product

Vendor perfree

Product go-fastdfs-web

Version 1.3.0

Affected Versions perfree go-fastdfs-web 1.3.0
perfree go-fastdfs-web 1.3.1
perfree go-fastdfs-web 1.3.2
perfree go-fastdfs-web 1.3.3
perfree go-fastdfs-web 1.3.4
perfree go-fastdfs-web 1.3.5
perfree go-fastdfs-web 1.3.6
perfree go-fastdfs-web 1.3.7

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-06-06T16:30:12.201Z",
    "modified": "2026-06-06T16:30:12.201Z",
    "type": "cve",
    "title": "perfree go-fastdfs-web Installation Endpoint checkServer server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369017\nhttps://vuldb.com/vuln/369017/cti\nhttps://vuldb.com/cve/CVE-2026-11437\nhttps://vuldb.com/submit/822726\nhttps://www.notion.so/Server-Side-Request-Forgery-SSRF-in-go-fastdfs-web-Installation-Endpoint-35aea92a3c41806485ffeeac7e18126a",
    "id": "CVE-2026-11437",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "perfree go-fastdfs-web 1.3.0\nperfree go-fastdfs-web 1.3.1\nperfree go-fastdfs-web 1.3.2\nperfree go-fastdfs-web 1.3.3\nperfree go-fastdfs-web 1.3.4\nperfree go-fastdfs-web 1.3.5\nperfree go-fastdfs-web 1.3.6\nperfree go-fastdfs-web 1.3.7",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "go-fastdfs-web",
    "version": "1.3.0",
    "vendor": "perfree",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}