CVE-2026-33537 — Lychee is a free, open-source photo-management tool. The patch introduced for…

April 01, 2026 21:56 /HIGH

CVE Notify vulnerabilitycvetoolsdata-breach

🚨 CVE-2026-33537 Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v (SSRF via `Photo::fromUrl`) contains an incomplete IP…

https://github.com/LycheeOrg/Lychee/commit/41386677681d18cd04e42a35b50bd88bf53a4a6a

What This Means For You

New vulnerability disclosed — verify if your stack is exposed.
New tool or resource available — evaluate for your security workflow.

Indicators of Compromise

ID	Type	Indicator
CVE-2026-33537	SSRF	Lychee photo-management tool, SSRF via Photo::fromUrl, incomplete IP address validation

Source & Attribution

Source Platform	Telegram
Channel	CVE Notify
Channel ID	1129491012
Message ID	157603
Published	April 01, 2026 at 21:56 UTC
Original Link	https://github.com/LycheeOrg/Lychee/commit/41386677681d18...

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Found this interesting? Follow us on LinkedIn to stay ahead.

Follow Shimi Cohen Follow Shimi's Cyber World