GHSA-8MC6-XJPR-H98X: Server-Side Request Forgery (SSRF) in Ech0 fetchPeerConnectInfo

DEV Community·CVE Reports·25 days ago
#security #cve #cybersecurity #ghsa #ech0 #ssrf

Vulnerability ID: GHSA-8MC6-XJPR-H98X
CVSS Score: 8.0
Published: 2026-05-07

The Ech0 application is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-provided URLs in the peer connection management functionality. Authenticated users with the ability to add connections can force the server to execute arbitrary HTTP GET requests against internal network resources, loopback interfaces, and cloud metadata services.

TL;DR: A critical SSRF vulnerability in Ech0 allows authorized users to query internal networks and cloud metadata services via the connect handler, exposing sensitive environment configurations.…
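One way to close the three destination classes named above (internal networks, loopback, cloud metadata) is to check the resolved IP at connect time rather than parsing the URL string. The Go sketch below is an added example, not Ech0's code or its actual fix; `newPeerClient`, `checkDial` and `isPublic` are hypothetical names and the sample addresses are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

// errBlocked marks a destination that is not publicly routable.
var errBlocked = errors.New("peer destination not allowed")

// isPublic rejects loopback, RFC 1918/ULA, link-local (which includes the
// 169.254.169.254 metadata address), unspecified and multicast addresses.
func isPublic(a netip.Addr) bool {
	a = a.Unmap() // treat ::ffff:127.0.0.1 as 127.0.0.1
	return a.IsGlobalUnicast() && !a.IsPrivate()
}

// checkDial runs after DNS resolution, immediately before connect(), so it
// sees the real IP for every hop, including redirects and rebinding answers.
func checkDial(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil || !isPublic(ap.Addr()) {
		return fmt.Errorf("%w: %s", errBlocked, address)
	}
	return nil
}

// newPeerClient (hypothetical name) returns a client for user-supplied peer URLs.
func newPeerClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: checkDial}
	return &http.Client{
		Timeout: 10 * time.Second,
		// Proxy is left nil so the dial target is always the peer itself.
		Transport: &http.Transport{DialContext: d.DialContext},
	}
}

func main() {
	// Constructed sample destinations, not taken from the advisory.
	for _, u := range []string{"http://127.0.0.1:1/", "http://169.254.169.254/", "http://[::1]:1/"} {
		_, err := newPeerClient().Get(u)
		fmt.Println(u, "blocked:", errors.Is(err, errBlocked))
	}
}
```

The check does not cover every reserved range (for example 100.64.0.0/10), so deployments with such internal addressing need an explicit deny list on top.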
