CVE Catalog

CVE-2026-12813

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A vulnerability was detected in activepieces up to version 0.83.0, affecting the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the File URL Handler component. The manipulation results in server-side request forgery.

Risk Assessment

The attack can be executed remotely, posing a significant security risk to the system. The public disclosure of the exploit increases the likelihood of its use.

Recommendation

It is recommended to update to the latest version of activepieces to eliminate this vulnerability. Additionally, monitor systems for unauthorized requests.

Original NVD description (English source)

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS