QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-41172

Back to search

CVE-2026-41172

Published: Apr 22, 2026

Modified: Apr 23, 2026

PUBLISHED

Description

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as an asset. Version 7.23.0 contains a fix.

VendorProductVersions

Squidex

squidex

affected
< 7.23.0

Weaknesses (CWE)

CWE-918

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now