QD 20230821 is vulnerable to Server‑Side Request Forgery via a crafted request. Based on the vulnerability type, a malicious client can supply a specially constructed request that the server unwittingly forwards as an outbound request to an arbitrary URL. The likely impact includes unauthorized access to internal services or exposure of internal data, as the attacker is able to direct the vulnerable server to reach resources it normally would not access.

The vulnerability affects the QD 20230821 build. No vendor or product family is specified, and no version range is provided. The advisory refers only to the specific QD 20230821 instance, making it the sole affected system identified in the data.

The CVSS score is not disclosed and EPSS information is unavailable, so the exact risk level cannot be quantified. Based on typical SSRF behavior, the likely attack vector involves a user‑controlled request that forces the server to initiate outbound traffic. Because the flaw permits contacting arbitrary internal or external addresses, there is a moderate to high risk of data disclosure or service manipulation. The vulnerability is not listed in the CISA KEV catalog, and no official patch or workaround is provided; therefore, administrators should treat it as a significant risk if the service is exposed to untrusted users.