Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint_CVE-2026-47170

7.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Description

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning, service fingerprinting, and retrieval of internal HTTP responses which are stored in the publicly accessible media pool. This issue has been patched in version 1.1.

Basic Information

ID CVE-2026-47170

Source GitHub_M

Published Jun 11, 2026 at 18:38

Affected Product

Vendor garlic-signage

Product garlic-hub

Version < 1.1

Affected Versions garlic-signage garlic-hub < 1.1

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "Garlic-Hub manages digital signage network \u2014 devices, content, and playlists \u2014 from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning, service fingerprinting, and retrieval of internal HTTP responses which are stored in the publicly accessible media pool. This issue has been patched in version 1.1.",
    "published": "2026-06-11T18:38:46.120Z",
    "modified": "2026-06-11T18:38:46.120Z",
    "type": "cve",
    "title": "Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint",
    "source": "GitHub_M",
    "references": "https://github.com/garlic-signage/garlic-hub/security/advisories/GHSA-x24v-76hr-989r\nhttps://github.com/garlic-signage/garlic-hub/commit/076b6d70a43d9641c35cbd8042353b473e3241f5",
    "id": "CVE-2026-47170",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "garlic-signage garlic-hub < 1.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "garlic-hub",
    "version": "< 1.1",
    "vendor": "garlic-signage",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}