Description
CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources.
Published: 2026-05-15
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

CouchCMS 2.2.1 contains a server‑side request forgery flaw that can be triggered by an authenticated user uploading a malicious SVG file through the browse.php endpoint. The upload process accepts external entity references embedded in the SVG, allowing the attacker to forge arbitrary HTTP requests to internal services and resources. This can lead to data disclosure, resource manipulation, or other unintended interactions within the network. The weakness is classified as CWE‑918.

Affected Systems

CouchCMS is affected across a range of released versions: the known CPE list names 1.3.5, 1.4.5, 1.4.7, 1.4, 2.0, 2.1, 2.2.1, 2.2, and 2.3. Administrators should verify the exact version running on their site and compare it against this list.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, and the EPSS score is not available, suggesting a low to moderate exploitation probability. The flaw is not listed in the CISA KEV catalog, indicating no publicly known active exploits at this time. Because the vulnerability requires authenticated access to the file upload functionality, the attack surface is limited to users with upload privileges, but internal network exposure remains a concern.

Generated by OpenCVE AI on May 15, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CouchCMS to a version where the browse.php upload handler has been hardened and external entity processing removed; consult the vendor’s changelog for the release that fixes the SVG upload issue.
  • If an upgrade is not immediately possible, disable SVG uploads entirely or restrict the browse.php endpoint to a whitelist of specific MIME types, preventing external entity processing.
  • Deploy a web‑application firewall rule that inspects SVG payloads for disallowed external entity references and blocks such requests before they reach the application server.
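To make the second and third actions concrete, the following is an added example (not CouchCMS code and not part of this record) of a server-side pre-check in Python that rejects an uploaded SVG carrying a DTD, an entity declaration, an xml-stylesheet instruction, a script element, or an href that points anywhere other than inside the document itself; the sample files are constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Markup that declares entities or pulls in other documents; a later parser
# or renderer resolving it becomes an outbound request, so reject it early.
DTD_PATTERNS = {
    "DOCTYPE declaration": re.compile(rb"<!DOCTYPE\b", re.IGNORECASE),
    "ENTITY declaration": re.compile(rb"<!ENTITY\b", re.IGNORECASE),
    "xml-stylesheet instruction": re.compile(rb"<\?xml-stylesheet\b", re.IGNORECASE),
}

def _local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]

def check_svg(data: bytes) -> list[str]:
    """Return the reasons to reject an SVG upload; an empty list means clean."""
    findings = [label for label, rx in DTD_PATTERNS.items() if rx.search(data)]
    if findings:
        return findings  # never hand a DTD-bearing document to the parser
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{SVG_NS}}}svg":
        findings.append("root element is not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ("script", "foreignObject"):
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            v = value.strip()
            # href / xlink:href may only reference the document or inline data
            if _local(attr) == "href" and not v.startswith(("#", "data:")):
                findings.append(f"external reference in <{tag}>: {v[:60]}")
    return findings

# Constructed samples (not taken from the advisory) exercising each check.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ENTITY = (b'<!DOCTYPE svg [<!ENTITY x SYSTEM "http://example.invalid/">]>'
          b'<svg xmlns="http://www.w3.org/2000/svg">&x;</svg>')
REMOTE = (b'<svg xmlns="http://www.w3.org/2000/svg" '
          b'xmlns:xlink="http://www.w3.org/1999/xlink">'
          b'<image xlink:href="http://example.invalid/a.png"/></svg>')

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("entity", ENTITY), ("remote", REMOTE)):
        print(name, check_svg(sample) or "accepted")
```

The check is a gate in front of the upload handler, not a substitute for parsing with entity loading disabled everywhere the file is later processed.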

Generated by OpenCVE AI on May 15, 2026 at 20:23 UTC.

Tracking


Advisories

No advisories yet.

History

Fri, 15 May 2026 23:15:00 +0000

Values added (nothing removed):
Metrics:
  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 19:00:00 +0000

Values added (nothing removed):
Description: CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources.
Title: CouchCMS 2.2.1 Server-Side Request Forgery via SVG upload
First Time appeared: Couchcms; Couchcms couchcms
Weaknesses: CWE-918
CPEs:
  cpe:2.3:a:couchcms:couchcms:1.3.5:*:*:*:*:*:*:*
  cpe:2.3:a:couchcms:couchcms:1.4.5:*:*:*:*:*:*:*
  cpe:2.3:a:couchcms:couchcms:1.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:couchcms:couchcms:1.4:*:*:*:*:*:*:*
  cpe:2.3:a:couchcms:couchcms:2.0:*:*:*:*:*:*:*
  cpe:2.3:a:couchcms:couchcms:2.1:*:*:*:*:*:*:*
  cpe:2.3:a:couchcms:couchcms:2.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:couchcms:couchcms:2.2:*:*:*:*:*:*:*
  cpe:2.3:a:couchcms:couchcms:2.3:*:*:*:*:*:*:*
Vendors & Products: Couchcms; Couchcms couchcms
References: (none)
Metrics:
  cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}
  cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-15T22:56:00.813Z

Reserved: 2026-02-01T11:24:18.720Z

Link: CVE-2021-47958

Vulnrichment

Updated: 2026-05-15T22:12:41.351Z

NVD

Status: Received

Published: 2026-05-15T19:16:54.623

Modified: 2026-05-15T19:16:54.623

Link: CVE-2021-47958

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T22:00:12Z

Weaknesses