CVE-2026-5126

MEDIUM 6.3

SourceCodester RSS Feed Parser file_get_contents server-side request forgery

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.

CWE	CWE-918
Vendor	sourcecodester
Product	rss feed parser
Published	Mar 30, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for sourcecodester rss feed parser

Be the first to know when new medium vulnerabilities affecting sourcecodester rss feed parser are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

SourceCodester / RSS Feed Parser

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/354158 vuldb.com: https://vuldb.com/vuln/354158/cti vuldb.com: https://vuldb.com/submit/780180 medium.com: https://medium.com/@hemantrajbhati5555/discovering-a-blind-ssrf-vulnerability-in-a-php-rss-feed-parser-243f3ccbdafb sourcecodester.com: https://www.sourcecodester.com/

Credits

🔍 Hemant Raj Bhati (VulDB User)