CVE-2026-2532

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.0.4 and 3.1.0 is capable of addressing this issue. The patch is named da853fdd8cbe9d42053b45d83f25708ba29b8b27. It is suggested to upgrade the affected component.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/lintsinghua/DeepAudit/	Product
https://github.com/lintsinghua/DeepAudit/commit/da853fdd8cbe9d42053b45d83f25708ba29b8b27	Patch
https://github.com/lintsinghua/DeepAudit/issues/144	Issue Tracking
https://github.com/lintsinghua/DeepAudit/pull/145	Issue Tracking Patch
https://github.com/lintsinghua/DeepAudit/releases/tag/v3.0.4	Release Notes
https://vuldb.com/?ctiid.346120	Permissions Required VDB Entry
https://vuldb.com/?id.346120	Third Party Advisory VDB Entry
https://vuldb.com/?submit.748220	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:lintsinghua:deepaudit:*:*:*:*:*:*:*:*

History

28 Feb 2026, 00:38

Type	Values Removed	Values Added
References	~~() https://github.com/lintsinghua/DeepAudit/ -~~	() https://github.com/lintsinghua/DeepAudit/ - Product
References	~~() https://github.com/lintsinghua/DeepAudit/commit/da853fdd8cbe9d42053b45d83f25708ba29b8b27 -~~	() https://github.com/lintsinghua/DeepAudit/commit/da853fdd8cbe9d42053b45d83f25708ba29b8b27 - Patch
References	~~() https://github.com/lintsinghua/DeepAudit/issues/144 -~~	() https://github.com/lintsinghua/DeepAudit/issues/144 - Issue Tracking
References	~~() https://github.com/lintsinghua/DeepAudit/pull/145 -~~	() https://github.com/lintsinghua/DeepAudit/pull/145 - Issue Tracking, Patch
References	~~() https://github.com/lintsinghua/DeepAudit/releases/tag/v3.0.4 -~~	() https://github.com/lintsinghua/DeepAudit/releases/tag/v3.0.4 - Release Notes
References	~~() https://vuldb.com/?ctiid.346120 -~~	() https://vuldb.com/?ctiid.346120 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.346120 -~~	() https://vuldb.com/?id.346120 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.748220 -~~	() https://vuldb.com/?submit.748220 - Third Party Advisory, VDB Entry
First Time		Lintsinghua Lintsinghua deepaudit
CPE		cpe:2.3:a:lintsinghua:deepaudit::::::::

18 Feb 2026, 17:52

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad fue detectada en lintsinghua DeepAudit hasta 3.0.3. Este problema afecta algún procesamiento desconocido del archivo backend/app/API/v1/endpoints/embedding_config.py del componente Manejador de Dirección IP. Realizar una manipulación resulta en falsificación de petición del lado del servidor. Es posible iniciar el ataque remotamente. Actualizar a la versión 3.0.4 y 3.1.0 es capaz de abordar este problema. El parche se llama da853fdd8cbe9d42053b45d83f25708ba29b8b27. Se sugiere actualizar el componente afectado.

16 Feb 2026, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-16 04:15

Updated : 2026-02-28 00:38

NVD link : CVE-2026-2532

Mitre link : CVE-2026-2532

CVE.ORG link : CVE-2026-2532

JSON object : View

Products Affected

lintsinghua

deepaudit

CWE

CWE-918

Server-Side Request Forgery (SSRF)

6.3 /10