CVE-2026-43936

MEDIUM 4.3

e107: Server-Side Request Forgery (SSRF) in the remote file fetcher

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4.

CWE	CWE-918
Vendor	e107inc
Product	e107
Published	May 26, 2026
Last Updated	May 26, 2026

Stay Ahead of the Next One

Get instant alerts for e107inc e107

Be the first to know when new medium vulnerabilities affecting e107inc e107 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected Versions

e107inc / e107

< 2.3.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp github.com: https://github.com/e107inc/e107/commit/40b2d111 github.com: https://github.com/e107inc/e107/commit/5f98cc9f