Vulnerabilities ›

CVE-2026-5623

Medium

CWE-918 — Weakness Type

                    Published: Apr 6, 2026                      ·  Modified: Apr 6, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-5623 is a Server-Side Request Forgery (SSRF) vulnerability in Huly Platform 0.7.382 affecting the Import Endpoint with a CVSS score of 6.3 (medium). The vulnerability allows remote attackers to manipulate server requests, potentially leading to unauthorized access to internal resources, data exfiltration, or lateral movement within organizational networks. With no patch available and the vendor unresponsive, immediate compensating controls are critical for affected Saudi organizations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 19, 2026 16:49

🇸🇦 Saudi Arabia Impact Assessment

This SSRF vulnerability poses significant risk to Saudi organizations using Huly Platform, particularly: (1) Government agencies and NCA-regulated entities relying on Huly for document management and collaboration; (2) Banking and financial institutions (SAMA-regulated) using the platform for internal communications; (3) Healthcare organizations managing sensitive patient data; (4) Energy sector organizations (ARAMCO, utilities) using Huly for operational coordination. The vulnerability enables attackers to access internal APIs, databases, and cloud services, potentially compromising classified government data, financial records, or critical infrastructure communications.

🏢 Affected Saudi Sectors

Government and Public Administration Banking and Financial Services Healthcare and Medical Services Energy and Utilities Telecommunications Education and Research Defense and Security

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1498 - Network Denial of Service T1557 - Man-in-the-Middle T1040 - Traffic Redirection T1021 - Remote Services T1570 - Lateral Tool Transfer T1005 - Data from Local System T1530 - Data from Cloud Storage

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Inventory all Huly Platform 0.7.382 instances across your organization and isolate affected systems from production networks if possible

2. Implement network segmentation to restrict outbound connections from Huly servers to internal resources (databases, APIs, cloud services)

3. Deploy Web Application Firewall (WAF) rules to block suspicious Import Endpoint requests with unusual URL patterns or internal IP addresses

4. Enable comprehensive logging and monitoring of all Import Endpoint requests, capturing source IPs, request payloads, and destination URLs



COMPENSATING CONTROLS:

5. Implement strict input validation and URL whitelisting for the Import Endpoint - only allow imports from pre-approved external sources

6. Restrict Huly server network access using firewall rules - deny connections to internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and metadata services

7. Disable the Import Endpoint entirely if not actively used; if required, restrict access to authenticated users only via VPN

8. Deploy reverse proxy with request filtering in front of Huly to validate and sanitize import requests



DETECTION RULES:

9. Monitor for requests to Import Endpoint containing: localhost, 127.0.0.1, internal IP ranges, AWS metadata endpoints (169.254.169.254), cloud provider internal IPs

10. Alert on Import Endpoint requests with file:// or gopher:// protocols

11. Track failed authentication attempts and unusual import patterns

12. Establish baseline of normal import sources and alert on deviations



UPGRADE PLANNING:

13. Contact Huly vendor regularly for patch availability; consider alternative collaboration platforms if vendor remains unresponsive

14. Evaluate migration to patched versions or alternative solutions with active security support

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. قم بحصر جميع نسخ منصة Huly 0.7.382 عبر مؤسستك وعزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن

2. طبق تقسيم الشبكة لتقييد الاتصالات الصادرة من خوادم Huly إلى الموارد الداخلية (قواعد البيانات والواجهات البرمجية والخدمات السحابية)

3. نشر قواعد جدار حماية تطبيقات الويب (WAF) لحجب طلبات نقطة الاستيراد المريبة التي تحتوي على أنماط عناوين URL غير عادية أو عناوين IP داخلية

4. فعّل تسجيل المراقبة الشاملة لجميع طلبات نقطة الاستيراد، مع التقاط عناوين IP المصدر وحمولات الطلبات وعناوين URL الوجهة

الضوابط التعويضية:

5. طبق التحقق الصارم من المدخلات وقائمة بيضاء لعناوين URL لنقطة الاستيراد - السماح فقط باستيراد من مصادر خارجية معتمة مسبقاً

6. قيّد وصول شبكة خادم Huly باستخدام قواعد جدار الحماية - رفض الاتصالات بنطاقات IP الداخلية والخدمات الوصفية

7. عطّل نقطة الاستيراد بالكامل إذا لم تكن قيد الاستخدام النشط؛ إذا لزم الأمر، قيّد الوصول للمستخدمين المصرح لهم فقط عبر VPN

8. نشر خادم وكيل عكسي مع تصفية الطلبات أمام Huly للتحقق من صحة وتنظيف طلبات الاستيراد

قواعد الكشف:

9. راقب طلبات نقطة الاستيراد التي تحتوي على: localhost أو 127.0.0.1 أو نطاقات IP داخلية أو نقاط نهاية بيانات AWS الوصفية

10. أصدر تنبيهات لطلبات نقطة الاستيراد باستخدام بروتوكولات file:// أو gopher://

11. تتبع محاولات المصادقة الفاشلة والأنماط غير العادية للاستيراد

12. أنشئ خط أساس للمصادر العادية للاستيراد وأصدر تنبيهات عند الانحرافات

تخطيط الترقية:

13. اتصل بشكل منتظم ببائع Huly للحصول على توفر التصحيحات؛ فكر في منصات تعاون بديلة إذا ظل البائع غير مستجيب

14. قيّم الهجرة إلى إصدارات معدلة أو حلول بديلة مع دعم أمان نشط

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.14.2.1 - Information security requirements for supplier relationships ECC 2024 A.14.2.5 - Addressing information security in supplier agreements ECC 2024 A.13.1.3 - Segregation of networks ECC 2024 A.13.2.1 - Network access control ECC 2024 A.14.3.1 - Management of information security incidents

🔵 SAMA CSF

SAMA CSF ID.AM-2 - Software, platforms, and applications inventory SAMA CSF PR.AC-3 - Access control and authentication mechanisms SAMA CSF PR.DS-2 - Data security and protection SAMA CSF DE.CM-1 - Detection and monitoring of anomalous activity SAMA CSF RS.MI-1 - Incident response and mitigation

🟡 ISO 27001:2022

ISO 27001:2022 A.5.23 - Information security for supplier relationships ISO 27001:2022 A.8.1 - User endpoint devices ISO 27001:2022 A.8.2 - Privileged access rights ISO 27001:2022 A.8.3 - Information access restriction ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security patches and updates PCI DSS 6.5.1 - Injection flaws prevention PCI DSS 11.2 - Vulnerability scanning and assessment

🔗 References & Sources 3

🔗

https://vuldb.com/submit/785632

cna@vuldb.com

🔗

https://vuldb.com/vuln/355413

cna@vuldb.com

🔗

https://vuldb.com/vuln/355413/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-918

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-06

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-918

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-5623

💬 Comments

Introduce Yourself

Sign In Required