← volver
CVE-2026-35037

Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata

CVSS 7.2 HIGHEPSS 0.3%CWE-918
Vexday Risk Score
41Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 7.2EPSS 0.3%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
06 abr 2026Publicada en NVD
20 may 2026PoC pública
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the website_url query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network services, cloud metadata endpoints (169.254.169.254), and localhost-bound services, with partial response data exfiltrated via the HTML <title> tag extraction This vulnerability is fixed in 4.2.8.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Productos afectados
lin-snow · Ech0
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →