CVE-2026-50887
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
In version 5.0.1 of shlink, there is a Server-Side Request Forgery (SSRF) vulnerability in the automatic short URL title resolution component, allowing attackers to scan internal resources by supplying a crafted longUrl.
Risk Assessment
Attackers may gain access to the organization's internal resources, potentially leading to the disclosure of sensitive information or further attacks on the infrastructure.
Recommendation
It is recommended to update shlink to the latest version and implement appropriate safeguards against SSRF.
Original NVD description (English source)
A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl.

