Vulnerabilities ›

CVE-2026-11437

High

CWE-918 — Weakness Type

                    Published: Jun 6, 2026                      ·  Modified: Jun 10, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-11437 is a server-side request forgery (SSRF) vulnerability in go-fastdfs-web versions up to 1.3.7 affecting the checkServer installation endpoint. Remote attackers can exploit this flaw without authentication to perform unauthorized requests from the affected server.

📄 Description (Arabic)

ثغرة SSRF في go-fastdfs-web تؤثر على نقطة نهاية التثبيت /install/checkServer في الإصدارات حتى 1.3.7. يمكن للمهاجمين البعيدين استغلال هذه الثغرة لتنفيذ طلبات غير مصرح بها من خادم التطبيق المتأثر. تم نشر الاستغلال علناً والبائع لم يستجب للإفصاح المسؤول.

🤖 ملخص تنفيذي (AI)

A server-side request forgery vulnerability exists in go-fastdfs-web up to version 1.3.7 in the installation endpoint. This allows remote attackers to manipulate the checkServer function and perform unauthorized server requests.

🤖 AI Intelligence Analysis Analyzed: Jun 10, 2026 01:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1498 T1570

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade go-fastdfs-web to version 1.3.8 or later immediately. Implement network segmentation to restrict outbound connections from the application server. Apply input validation and sanitization to the checkServer endpoint. Disable or restrict access to the /install/checkServer endpoint in production environments. Monitor for suspicious outbound connections from the affected systems.

🔧 خطوات المعالجة (العربية)

قم بترقية go-fastdfs-web إلى الإصدار 1.3.8 أو أحدث فوراً. طبق تقسيم الشبكة لتقييد الاتصالات الصادرة من خادم التطبيق. طبق التحقق من صحة المدخلات على نقطة نهاية checkServer. عطل أو قيد الوصول إلى نقطة النهاية /install/checkServer في بيئات الإنتاج. راقب الاتصالات الصادرة المريبة من الأنظمة المتأثرة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.9.1.1 A.9.2.1 A.9.4.1

🔵 SAMA CSF

ID.RA-1 PR.DS-1 PR.AC-1

🟡 ISO 27001:2022

A.12.6.1 A.13.1.3 A.14.2.1

🔗 References & Sources 5

🔗

https://vuldb.com/cve/CVE-2026-11437

cna@vuldb.com

🔗

https://vuldb.com/submit/822726

cna@vuldb.com

🔗

https://vuldb.com/vuln/369017

cna@vuldb.com

🔗

https://vuldb.com/vuln/369017/cti

cna@vuldb.com

🔗

https://www.notion.so/Server-Side-Request-Forgery-SSRF-in-go-fastdfs-web-Installation-E...

cna@vuldb.com

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-918

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-06-06

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-918

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-11437

Introduce Yourself

Sign In Required