Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attackers can exploit the lack of destination validation and the default passphrase 'opendoor' to send blind HTTP requests to arbitrary internal or external hosts not otherwise directly accessible.
References
| Link | Resource |
|---|---|
| https://www.vulncheck.com/advisories/sustainable-irrigation-platform-ssrf-via-node-red-callback-url | Third Party Advisory |
| https://www.zeroscience.mk/#/advisories/ZSL-2026-5998 | Exploit Third Party Advisory |
Configurations
History
14 Jul 2026, 19:04
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Dan-in-ca
Dan-in-ca sustainable Irrigation Platform |
|
| CPE | cpe:2.3:a:dan-in-ca:sustainable_irrigation_platform:*:*:*:*:*:*:*:* | |
| References | () https://www.vulncheck.com/advisories/sustainable-irrigation-platform-ssrf-via-node-red-callback-url - Third Party Advisory | |
| References | () https://www.zeroscience.mk/#/advisories/ZSL-2026-5998 - Exploit, Third Party Advisory |
14 Jul 2026, 15:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-14 15:17
Updated : 2026-07-15 19:18
NVD link : CVE-2026-58478
Mitre link : CVE-2026-58478
CVE.ORG link : CVE-2026-58478
JSON object : View
Products Affected
dan-in-ca
- sustainable_irrigation_platform
CWE
CWE-918
Server-Side Request Forgery (SSRF)
