CVE-2026-41171

Source
https://cve.org/CVERecord?id=CVE-2026-41171
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41171.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-41171
Aliases
  • GHSA-4m22-gvqm-jv97
Published
2026-04-22T21:16:14.013Z
Modified
2026-07-08T08:05:12.064903431Z
Severity
  • 7.3 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient
Details

Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions (getJSON, request, etc.). An authenticated user with low privileges (e.g., schema editing permissions) can force the server to make arbitrary outbound HTTP requests to attacker-controlled or internal endpoints. This allows access to internal services and cloud metadata endpoints (e.g., IMDS), potentially leading to credential exposure and lateral movement. Version 7.23.0 contains a fix.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41171.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

Git / github.com/squidex/squidex

Affected ranges

Type
GIT
Repo
https://github.com/squidex/squidex
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.23.0"
        }
    ]
}

Affected versions

17.*
17.4.0
3.*
3.0.0
3.1.0
3.2.0
3.2.1
3.3.0
3.4.0
3.5.0
4.*
4.0.0
4.0.0-beta1
4.0.1
4.0.2
4.0.3
4.1.0
4.1.0-beta1
4.1.0-rc
4.1.1
4.1.2
4.2.0
4.2.0-beta1
4.2.0-beta2
4.3.0
4.4.0
4.4.0-rc
4.5.0
5.*
5.0.0
5.0.0-beta1
5.0.0-beta2
5.1.0
5.1.1
5.2.0
5.2.1
5.3.0
5.4.0
5.5.0
5.6.0
5.7.0
5.8.0
5.8.1
5.8.2
5.9.0
6.*
6.0.0
6.0.1
6.1.0
6.2.0
6.3.0
6.4.0
6.5.0
6.7.0
6.8.0
7.*
7.0.0
7.0.0-rc1
7.0.0-rc2
7.0.0-rc3
7.0.1
7.0.2
7.0.3
7.1.0
7.10.0
7.11.0
7.12.0
7.13.0
7.14.0
7.15.0
7.16.0
7.17.0
7.19.0
7.2.0
7.20.0
7.21.0
7.22.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.7.0
7.8.0
7.8.1
7.8.2
7.9.0
v1.*
v1.0
v1.0-beta1
v1.0-beta2
v1.0-beta3
v1.1
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.2.0
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.7.0
v1.8.0
v1.9.0
v2.*
v2.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.1.0
v2.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41171.json"