CVE-2026-47170

HIGH 7.7

Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint

CVSS Score

7.7

EPSS Score

0.0%

EPSS Percentile

0th

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning, service fingerprinting, and retrieval of internal HTTP responses which are stored in the publicly accessible media pool. This issue has been patched in version 1.1.

CWE	CWE-918
Vendor	garlic-signage
Product	garlic-hub
Published	Jun 11, 2026

Stay Ahead of the Next One

Get instant alerts for garlic-signage garlic-hub

Be the first to know when new high vulnerabilities affecting garlic-signage garlic-hub are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

garlic-signage / garlic-hub

< 1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/garlic-signage/garlic-hub/security/advisories/GHSA-x24v-76hr-989r github.com: https://github.com/garlic-signage/garlic-hub/commit/076b6d70a43d9641c35cbd8042353b473e3241f5