CVE-2026-41177 — Server-Side Request Forgery

/MEDIUM /CVSS 5.5/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severityserver-side-request-forgerycwe-73cwe-918
CVE-2026-41177 — Server-Side Request Forgery

CVE-2026-41177 — Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied `Url` parameter,

What This Means For You

  • If your environment is affected by CWE-73, CWE-918, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-41177 updates and patches.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1537 Transfer Data to Cloud Account Collection T1071.004 Web Protocols Command and Control

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

Squidex Restore API Blind SSRF with file:// protocol — CVE-2026-41177

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-41177 vulnerability CVE-2026-41177
CWE-73 weakness CWE-73
CWE-918 weakness CWE-918

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 23, 2026 at 01:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-6878 — ByteDance Verl Vulnerability

CVE-2026-6878 — A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to...

vulnerabilityCVEmedium-severitycwe-264cwe-265
/SCW Vulnerability Desk /MEDIUM /5.6 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up

CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header...

vulnerabilityCVEmedium-severitycwe-350
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 2 Sigma

IBM Storage Console Flaw: Unauthenticated RCE Risk

CVE-2026-5935 — IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands...

vulnerabilityCVEhigh-severitycwe-78
/SCW Vulnerability Desk /HIGH /7.3 /⚑ 3 IOCs /⚙ 3 Sigma