CVE Catalog

CVE-2026-50887

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

In version 5.0.1 of shlink, there is a Server-Side Request Forgery (SSRF) vulnerability in the automatic short URL title resolution component, allowing attackers to scan internal resources by supplying a crafted longUrl.

Risk Assessment

Attackers may gain access to the organization's internal resources, potentially leading to the disclosure of sensitive information or further attacks on the infrastructure.

Recommendation

It is recommended to update shlink to the latest version and implement appropriate safeguards against SSRF.

Original NVD description (English source)

A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS