CVE-2026-57947
Pinpoint - Server-Side Request Forgery via Alarm Webhook Registration
Vexday Risk Score
10 (Low)
SSVC Decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3 · EPSS — · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
29 Jun 2026: Published in NVD
Recommendation: Monitor; no exploitation signal for now.
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to internal hosts and metadata endpoints, enabling unauthorized access to internal network resources.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:N
Affected products
pinpoint-apm · pinpoint