CVE-2026-12813
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A vulnerability was detected in activepieces up to version 0.83.0, affecting the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the File URL Handler component. The manipulation results in server-side request forgery.
Risk Assessment
The attack can be executed remotely, posing a significant security risk to the system. The public disclosure of the exploit increases the likelihood of its use.
Recommendation
It is recommended to update to the latest version of activepieces to eliminate this vulnerability. Additionally, monitor systems for unauthorized requests.
Original NVD description (English source)
A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

