CVE-2026-3750

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-3750
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3750.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3750
Published
2026-03-08T17:16:08.467Z
Modified
2026-04-10T05:43:06.768970Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/continew-org/continew-admin

Affected ranges

Type
GIT
Repo
https://github.com/continew-org/continew-admin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e0e3294b3d56c114e2afbc36aac38506fdcd0d0d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.0"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v3.*
v3.0.0
v3.0.1
v3.1.0
v3.2.0
v3.3.0
v3.4.0
v3.4.1
v3.5.0
v3.6.0
v4.*
v4.0.0
v4.1.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3750.json"