CVE-2026-41177 — Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction

CVSS 5.5 (Medium) · EPSS 0.05% · P14

I. Basic Information for CVE-2026-41177

Vulnerability Information

Vulnerability Title
Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction
Source: NVD (National Vulnerability Database)
Vulnerability Description
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied `Url` parameter, allowing the use of the `file://` protocol. This allows an authenticated administrator to force the backend server to interact with the local filesystem, which can lead to Local File Interaction (LFI) and potential disclosure of sensitive system information through side-channel analysis of internal logs. Version 7.23.0 contains a fix.
Source: NVD (National Vulnerability Database)
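The missing control described above is a scheme allowlist on the user-supplied `Url`. The following is an added example, not Squidex's own code (which is C#): a Python validator for a restore-source URL that rejects `file://` and every other non-http(s) source, plus a small audit pass over constructed sample values of the kind a defender would want logged. Function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Only remote http(s) sources are legitimate for a backup restore.
# Rejecting by parsed scheme (not string prefix) is the point of the fix.
ALLOWED_SCHEMES = frozenset({"http", "https"})
MAX_URL_LEN = 2048


def check_restore_url(url) -> tuple[bool, str]:
    """Return (accepted, reason) for a user-supplied restore Url.

    Host-level restrictions (loopback, private ranges) are a separate
    control against network SSRF and are not shown here.
    """
    if not isinstance(url, str) or not url.strip() or len(url) > MAX_URL_LEN:
        return False, "empty or oversized url"
    parts = urlsplit(url.strip())
    # urlsplit lower-cases the scheme, so FILE:// and File:// are caught too;
    # a bare path such as /etc/passwd parses with an empty scheme.
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme '{parts.scheme}' not allowed"
    # "http:///path" has no host: the client would treat it as local
    if not parts.hostname:
        return False, "missing host"
    return True, "ok"


def audit_restore_requests(urls):
    """Return the rejected (url, reason) pairs from a batch of submissions."""
    rejected = []
    for url in urls:
        ok, reason = check_restore_url(url)
        if not ok:
            rejected.append((url, reason))
    return rejected


# Constructed sample of Url values as an admin might submit them
SAMPLE_URLS = [
    "https://backups.example.test/site.zip",
    "file:///etc/passwd",
    "FILE:///proc/self/environ",
    "/var/lib/squidex/backup.zip",
    "ftp://backups.example.test/site.zip",
    "http:///site.zip",
]

if __name__ == "__main__":
    for url, reason in audit_restore_requests(SAMPLE_URLS):
        print(f"rejected {url!r}: {reason}")
```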
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
External Control of File Name or Path
Source: NVD (National Vulnerability Database)
Vulnerability Title
Squidex security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Squidex is an open-source content management system from Squidex. Squidex versions before 7.23.0 contain a security vulnerability: the Restore API does not validate the URI scheme of the user-supplied Url parameter and allows the file:// protocol, which may let an authenticated administrator force the backend server to interact with the local filesystem, resulting in local file interaction and disclosure of sensitive system information.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor: Squidex
Product: squidex
Affected Versions: < 7.23.0
CPE: -

II. Public POCs for CVE-2026-41177

No public POC found.

III. Intelligence Information for CVE-2026-41177

Same Patch Batch · Squidex · 2026-04-22 · 4 CVEs total

CVE-2026-41171SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" Htt
CVE-2026-41170Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Intern
CVE-2026-41172Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/

IV. Related Vulnerabilities

V. Comments for CVE-2026-41177

No comments yet
