๐Ÿ” CVE Alert

CVE-2026-54562

MEDIUM 6.5

Cloudreve: Non-admin remote download users can SSRF loopback/internal services and read imported responses

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or redirect-to-loopback targets, allowing a non-admin user with remote download permission to fetch internal-only URLs and read the response after it is imported into the user's own files. This issue is fixed in version 4.16.1.

CWE CWE-918
Vendor cloudreve
Product cloudreve
Published Jul 15, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for cloudreve cloudreve

Be the first to know when new medium vulnerabilities affecting cloudreve cloudreve are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

cloudreve / cloudreve
< 4.16.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/cloudreve/cloudreve/security/advisories/GHSA-x756-g4x3-c64m github.com: https://github.com/cloudreve/cloudreve/commit/aaebf317a78f2413d74afd66c21a1f3143711312 github.com: https://github.com/cloudreve/cloudreve/releases/tag/4.16.1