Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-36756

EPSS 0.03% · P8
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-36756

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Halo 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Halo是Halo开源的一个强大易用的开源建站工具。 Halo 2.22.14版本存在代码问题漏洞,该漏洞源于/plugins/-/install-from-uri端点存在服务端请求伪造,可能导致经过身份验证的攻击者通过特制GET请求扫描内部资源。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2026-36756

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-36756

登录查看更多情报信息。

Same Patch Batch · n/a · 2026-04-30 · 23 CVEs total

CVE-2025-130307.1 HIGHdjango-mdeditor 访问控制错误漏洞
CVE-2026-36757Halo 代码问题漏洞
CVE-2025-56568Open5GS 安全漏洞
CVE-2025-46115Open5GS 输入验证错误漏洞
CVE-2026-36766Shopizer 跨站脚本漏洞
CVE-2026-36761JeeSite 跨站脚本漏洞
CVE-2026-36765SpringBlade 代码问题漏洞
CVE-2026-36762JeeSite 路径遍历漏洞
CVE-2026-36763SpringBlade 跨站脚本漏洞
CVE-2026-36764SpringBlade 代码问题漏洞
CVE-2026-36760JeeSite 路径遍历漏洞
CVE-2026-36767Shopizer 路径遍历漏洞
CVE-2026-36758Halo 代码问题漏洞
CVE-2026-36340Webkul Krayin CRM 代码注入漏洞
CVE-2026-36759Halo 代码问题漏洞
CVE-2026-38939E-commerce 跨站脚本漏洞
CVE-2026-38940Toko Online Roti 跨站脚本漏洞
CVE-2026-36960U-SPEED N300 跨站请求伪造漏洞
CVE-2026-36958U-SPEED N300 资源管理错误漏洞
CVE-2026-36957Dbit N300 T1 Pro 资源管理错误漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2026-36756

No comments yet

Leave a comment