CVE-2026-11437
perfree go-fastdfs-web Installation Endpoint checkServer server-side request forgery
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
13th
A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-918 |
| Vendor | perfree |
| Product | go-fastdfs-web |
| Published | Jun 6, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for perfree go-fastdfs-web
Be the first to know when new high vulnerabilities affecting perfree go-fastdfs-web are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
perfree / go-fastdfs-web
1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7
References
vuldb.com: https://vuldb.com/vuln/369017 vuldb.com: https://vuldb.com/vuln/369017/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11437 vuldb.com: https://vuldb.com/submit/822726 notion.so: https://www.notion.so/Server-Side-Request-Forgery-SSRF-in-go-fastdfs-web-Installation-Endpoint-35aea92a3c41806485ffeeac7e18126a
Credits
๐ din4 (VulDB User) VulDB CNA Team