CVE-2026-30404

{"id": "CVE-2026-30404", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-19T16:16:02.060", "references": [{"url": "https://github.com/TTTlw1024/qwe/issues/3", "tags": ["Exploit", "Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/tianshiyeben/wgcloud/issues/98", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations."}, {"lang": "es", "value": "La caracter\u00edstica de prueba de conexi\u00f3n de gesti\u00f3n de base de datos de backend en wgcloud v3.6.3 tiene una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF). Este problema puede ser explotado para hacer que el servidor env\u00ede peticiones para sondear la red interna, descargar archivos maliciosos de forma remota y realizar otras operaciones peligrosas."}], "lastModified": "2026-04-02T12:20:21.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wgstart:wgcloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE012BD6-0C9B-4F63-957E-78C9565F977C", "versionEndIncluding": "3.6.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}