# SSRF Vulnerability in Webhooks

## Key Information

- Package: LibreDesk
- Affected Versions: Latest
- Patched Versions: None
- CVE ID: CVE-2026-26957
- Severity: Medium
- Weaknesses: CWE-209, CWE-918
- Component: Webhooks Module

## Executive Summary

Description: A critical security vulnerability exists in the LibreDesk Webhooks module that allows an authenticated "Application Admin" to compromise the underlying cloud infrastructure or internal corporate network. The application fails to validate the destination URL of a webhook, so webhook deliveries become HTTP requests to arbitrary internal destinations.

## Confirmed Attack Vectors

1. Internal Port Scanning (Network Mapping)
   - Impact: Attackers can identify running services on the local network.
   - Proof of Exploitation:
     - Open Port (8890):
     - Closed Port (8891):
2. Information Leakage (Error-Based)
   - Impact: Attackers can extract sensitive data by targeting endpoints that return errors.
   - Proof of Exploitation:

## Technical Root Cause

1. Missing Input Validation: the URL check only verifies that the URL is non-empty, not whether it resolves to a private IP.
2. Unrestricted HTTP Client: a default HTTP client is used, which follows redirects and connects to any IP.
3. Verbose Error Logging: the application logs the full response body on failure.

## Remediation Required

1. Input Validation: Block URLs resolving to private IP ranges and link-local addresses.
2. Safe HTTP Client: Use a custom HTTP client that verifies the destination IP address after DNS resolution.
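The two remediation points above, as an added example that is not LibreDesk's own code: it assumes a Go service and shows an `http.Client` whose dialer resolves the webhook host, rejects private, loopback and link-local answers (including the 169.254.169.254 cloud metadata address), and dials the vetted IP literal rather than the hostname. Because redirects reuse the same transport, each redirect hop is vetted the same way.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"time"
)

// IsDisallowedIP reports whether a webhook may NOT be delivered to ip:
// loopback, RFC 1918 / ULA private, link-local (which covers the cloud
// metadata address 169.254.169.254), unspecified and multicast ranges.
func IsDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast()
}

// VetHost resolves host (an IP literal is returned as-is by the resolver)
// and returns one vetted IP to dial. Every record is checked so a private
// answer cannot hide beside a public one; dialing the returned IP instead
// of the hostname also removes the DNS-rebinding window between check and use.
func VetHost(ctx context.Context, host string) (net.IP, error) {
	addrs, err := net.DefaultResolver.LookupIPAddr(ctx, host)
	if err != nil || len(addrs) == 0 {
		return nil, fmt.Errorf("webhook host %q did not resolve: %v", host, err)
	}
	for _, a := range addrs {
		if IsDisallowedIP(a.IP) {
			return nil, fmt.Errorf("webhook host %q resolves to disallowed address %s", host, a.IP)
		}
	}
	return addrs[0].IP, nil
}

// NewWebhookClient builds an http.Client whose every connection, including
// those made while following redirects, passes through VetHost first.
func NewWebhookClient() *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second}
	tr := &http.Transport{
		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			host, port, err := net.SplitHostPort(addr)
			if err != nil {
				return nil, err
			}
			ip, err := VetHost(ctx, host)
			if err != nil {
				return nil, err
			}
			return dialer.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
		},
	}
	return &http.Client{Transport: tr, Timeout: 10 * time.Second}
}
```

The delivery code should log only the status code and an error class on failure, not the response body, which addresses the CWE-209 part of the finding.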