MEDIUM🇵🇱 Wersja polska

CVE-2026-39087

CVSS 6.4v3.1pub. 2026-04-23upd. 2026-07-04

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs.

🤖 AI Analysis
How it works

The vulnerability results from the use of an unanchored regular expression (CWE-94 — improper control of code/expression) to validate or filter URLs. An unanchored regular expression allows an attacker to craft input that bypasses applied security measures and forces the server to execute an HTTP request to any address — both internal and external. The attack does not require account possession or any user interaction, and a malicious request can be sent directly over the network.

Impact

An attacker can force the ntfy server to send requests to internal infrastructure resources (e.g., cloud services, instance metadata, internal APIs), which may lead to disclosure of sensitive data, integrity violation, or unavailability of services on the internal network.

Mitigation & patch

Update ntfy to version 2.22.0 or newer, available in the official repository: https://github.com/binwiederhier/ntfy/releases/tag/v2.22.0

Who is affected

ntfy in versions before 2.22.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRF
CWE
References