GHSA-7RX4-C5VX-G8W3: GHSA-7RX4-C5VX-G8W3: Server-Side Request Forgery Bypass in Karakeep Metadata…

1 / 2

GHSA-7RX4-C5VX-G8W3: GHSA-7RX4-C5VX-G8W3: Server-Side Request Forgery Bypass in Karakeep Metadata Extraction Workers

DEV Community·CVE Reports·18 days ago

#GXhhQBy7

#karakeepv0320release #security #cve #cybersecurity #karakeep #metadata

Reading 0:00

15s threshold

GHSA-7RX4-C5VX-G8W3: Server-Side Request Forgery Bypass in Karakeep Metadata Extraction Workers Vulnerability ID: GHSA-7RX4-C5VX-G8W3 CVSS Score: 8.6 Published: 2026-05-14 A critical Server-Side Request Forgery (SSRF) vulnerability exists in the Karakeep metadata extraction process prior to version 0.32.0. The flaw allows attackers to bypass primary URL validation and target internal network resources or cloud metadata services via crafted webpage metadata. TL;DR Karakeep workers are vulnerable to SSRF via the metascraper-logo-favicon plugin, which autonomously probes internal network resources during HTML parsing.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

GHSA-7RX4-C5VX-G8W3: GHSA-7RX4-C5VX-G8W3: Server-Side Request Forgery Bypass in Karakeep Metadata Extraction Workers