CVE-2026-42140— Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter

Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does not validate the supplied URL. An attacker can supply an internal IP address or a malicious external URL. The XWiki server will attempt to connect to this URL to "render" the diagram. This issue has been patched in version 2.4.1.

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

服务端请求伪造(SSRF)

PlantUML Macro 代码问题漏洞

PlantUML Macro是XWiki Contrib开源的一个从文本定义生成图表图像的工具。 PlantUML Macro 2.4.1之前版本存在代码问题漏洞，该漏洞源于未验证服务器参数提供的URL，可能导致服务端请求伪造攻击。

N/A

N/A