CVE Alert

CVE-2026-41170

Severity: UNKNOWN (CVSS 0.0)

Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `RestoreController.PostRestoreJob` endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" `HttpClient` without any SSRF protection. A malicious or compromised admin can use this endpoint to probe internal network services, access cloud metadata endpoints, or perform internal reconnaissance. The vulnerability is authenticated (Admin-only) but highly impactful, allowing potential access to sensitive internal resources. Version 7.23.0 contains a fix.
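The pre-fetch check the advisory says was missing, written in Python as an added example (it is not Squidex's own code, which is .NET): an admin-supplied download URL is parsed, its host resolved, and every resulting address rejected unless it is globally routable, so loopback, RFC 1918, link-local (including the 169.254.169.254 cloud metadata address) and IPv4-mapped IPv6 targets never reach the HttpClient. The function names, the SAMPLE_DNS table and its hostnames are constructed for this illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS table so the example runs offline; the hostnames are made up.
SAMPLE_DNS = {
    "backups.example.com": ["93.184.216.34"],
    "build.internal": ["10.0.0.5"],
    "metadata": ["169.254.169.254"],
    "mapped.example.com": ["::ffff:192.168.1.1"],
}

def table_resolver(hostname):
    try:  # IP literals resolve to themselves, names are looked up in the table
        return [str(ipaddress.ip_address(hostname))]
    except ValueError:
        if hostname not in SAMPLE_DNS:
            raise socket.gaierror("name not found: %s" % hostname)
        return SAMPLE_DNS[hostname]

def system_resolver(hostname):
    """Real resolution for production use; every A/AAAA record gets checked."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})

def address_is_public(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def check_backup_url(url, resolver=system_resolver):
    """Return (ok, reason) for a URL that a restore job is about to download."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not host:
        return False, "only http(s) URLs with a host are accepted"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in the URL are not allowed"
    try:
        addrs = resolver(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, "cannot resolve %s: %s" % (host, exc)
    bad = [a for a in addrs if not address_is_public(a)]
    if bad:
        return False, "%s resolves to non-public address %s" % (host, bad[0])
    return True, "ok"
```

The download must then connect to the address that was validated (or repeat the check on the socket actually opened), otherwise a DNS answer that changes between check and fetch bypasses it; the same check has to run again on every HTTP redirect the client follows.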

CWE: CWE-918
Vendor: squidex
Product: squidex
Published: Apr 22, 2026

Affected Versions

Squidex / squidex
< 7.23.0

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/Squidex/squidex/security/advisories/GHSA-6q6m-7h5j-jq4g
github.com: https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4