Description
A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-05-29
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Shibby Tomato 1.28 allows an attacker to manipulate the send function of the miniupnpd SUBSCRIBE call handler, causing the device to issue requests to arbitrary internal or external URLs. This server-side request forgery (SSRF) can expose internal resources or allow the device to communicate with unintended services, potentially leading to data exposure or network-based attacks.

Affected Systems

The vulnerability is limited to the Shibby Tomato firmware version 1.28. Devices running earlier or unstated versions are not affected, and the product has been superseded by FreshTomato.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate impact, and no EPSS data is currently available. The vulnerability is not listed in the CISA KEV catalog, suggesting that known exploitation is limited or not yet documented. The attack vector is remote; an attacker can trigger the flaw remotely if UPnP functionality is exposed. While exploitation may be straightforward, the overall risk remains moderate until a public exploit is confirmed or patches become available.

Generated by OpenCVE AI on May 29, 2026 at 17:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Shibby Tomato to a supported release or migrate to FreshTomato to eliminate the vulnerability.
  • If upgrading is not immediately possible, disable UPnP and the miniupnpd service to prevent the SSRF vector from being exercised.
  • Configure the device’s firewall or router to block outbound connections initiated by the miniupnpd process to unknown destinations, thereby limiting potential misuse of the SSRF.



Advisories

No advisories yet.

History

Fri, 29 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 May 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.
Title | | Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery
First Time appeared | | Shibby; Shibby tomato
Weaknesses | | CWE-918
CPEs | | cpe:2.3:a:shibby:tomato:*:*:*:*:*:*:*:*
Vendors & Products | | Shibby; Shibby tomato
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}
        | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}
        | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}
        | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-29T17:11:09.721Z

Reserved: 2026-05-29T08:32:34.889Z

Link: CVE-2026-10068

Vulnrichment

Updated: 2026-05-29T17:10:39.714Z

NVD

Status: Deferred

Published: 2026-05-29T16:16:23.750

Modified: 2026-05-29T18:16:30.663

Link: CVE-2026-10068

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T17:45:04Z

Weaknesses