CVE Alert

CVE-2026-41172

UNKNOWN 0.0

Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets)

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as an asset. Version 7.23.0 contains a fix.

CWE CWE-918
Vendor squidex
Product squidex
Published Apr 22, 2026

Affected Versions

Squidex / squidex
< 7.23.0

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/Squidex/squidex/security/advisories/GHSA-x7cq-4f4c-8qcv
github.com: https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4