Description
Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the rendered content in the resulting PDF via a crafted Host header, because the target URL is built from request.base_url without validation.
Published: 2026-06-24
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Server-Side Request Forgery in the PDF generation endpoint GET /api/reports/{id}/pdf. The backend builds the URL it fetches for rendering from request.base_url, which is derived from the incoming Host header, and does not validate that header, so a request carrying a forged Host value makes the server fetch an attacker-chosen URL. The fetched content is rendered into the PDF returned to the attacker, which can expose internal services, cloud metadata endpoints, or other resources reachable from the server's network, leaking data and supporting further attacks.

Affected Systems

Pentestify, version 1.0.0 and earlier. The advisory recommends upgrading to 1.1.0 or newer. No other vendor or product is listed.

Risk and Exploitability

The CVSS v4.0 base score is 6.9 (Medium). The vector (AV:N/AC:L/AT:N/PR:N/UI:N) means the flaw is reachable over the network with no privileges or user interaction; the impact is rated only as a low confidentiality loss on subsequent systems (SC:L), with no impact on the vulnerable application itself. EPSS is not available, so the likelihood of exploitation is unknown, and the vulnerability is not listed in KEV. An attacker exploits it by sending an HTTP GET request to /api/reports/{id}/pdf with a crafted Host header, causing the server to issue an outbound request to the chosen URL and return the result in the PDF.

Generated by OpenCVE AI on June 24, 2026 at 12:53 UTC.

Remediation

Vendor Solution

Upgrade to version 1.1.0 or higher


OpenCVE Recommended Actions

  • Upgrade Pentestify to version 1.1.0 or newer.
  • Restrict outbound HTTP/HTTPS traffic from the backend to approved destinations with egress firewall or network rules; cloud metadata endpoints such as 169.254.169.254 should not be reachable from the PDF renderer.
  • Build the URL the renderer fetches from server-side configuration rather than from request.base_url, and reject requests whose Host header is not in an allowlist of expected hostnames.
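The mechanism described in the Impact paragraph and the last recommended action above, as an added example that is not code from the Pentestify project: a plain-Python stand-in for how Python web frameworks (Flask/Werkzeug and Starlette/FastAPI alike) derive request.base_url from the Host header, the vulnerable URL construction next to a hardened one that validates the Host header and builds the fetch target from configuration. The allowed hostnames, the internal base URL and the header values are constructed for the demonstration; nothing here is taken from backend/main.py.

```python
"""Why a URL built from request.base_url follows the Host header, and how to avoid it.

Added example (not Pentestify code). The framework is replaced by a small
stand-in so the file runs offline; ALLOWED_HOSTS, INTERNAL_BASE_URL and the
header dicts are constructed for the demonstration.
"""
from urllib.parse import urlsplit

# Assumed deployment configuration: hostnames clients may legitimately send,
# and the address the PDF renderer should fetch report HTML from.
ALLOWED_HOSTS = {"pentestify.example.internal", "localhost"}
INTERNAL_BASE_URL = "http://127.0.0.1:8000"


def base_url_from_request(headers: dict[str, str], scheme: str = "http") -> str:
    """Stand-in for request.base_url: the scheme plus the raw Host header."""
    return f"{scheme}://{headers.get('host', '')}/"


def vulnerable_render_target(report_id: int, headers: dict[str, str]) -> str:
    """The pattern the advisory describes: the fetch target follows the Host header."""
    return f"{base_url_from_request(headers)}api/reports/{report_id}/html"


def host_is_allowed(host_header: str) -> bool:
    """Accept only an allow-listed hostname, optionally followed by a port.

    The header is parsed as a URL authority so that 'user@host' tricks are
    rejected: urlsplit puts the part before '@' in .username and the real
    target in .hostname, so checking .hostname alone would pass
    'anything@pentestify.example.internal'.
    """
    if not host_header:
        return False
    try:
        parts = urlsplit(f"//{host_header}")
        hostname, username = parts.hostname, parts.username
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return False
    if username is not None or hostname is None:
        return False
    return hostname in ALLOWED_HOSTS


def hardened_render_target(report_id: int, headers: dict[str, str]) -> str:
    """Reject unexpected Host values and build the URL from configuration only."""
    host = headers.get("host", "")
    if not host_is_allowed(host):
        raise ValueError(f"untrusted Host header: {host!r}")
    if not isinstance(report_id, int) or report_id < 0:
        raise ValueError("report id must be a non-negative integer")
    # The request no longer influences where the renderer connects.
    return f"{INTERNAL_BASE_URL}/api/reports/{report_id}/html"


if __name__ == "__main__":
    crafted = {"host": "169.254.169.254"}  # cloud metadata address in a forged Host header
    print("vulnerable ->", vulnerable_render_target(7, crafted))
    try:
        hardened_render_target(7, crafted)
    except ValueError as exc:
        print("hardened   -> rejected:", exc)
    print("hardened   ->", hardened_render_target(7, {"host": "pentestify.example.internal:8443"}))
```

The Host allowlist is defence in depth; the fix that actually removes the SSRF is the last line of hardened_render_target, where the renderer connects to a configured address instead of one the client supplied. In a real deployment the allowlist belongs in the framework rather than in hand-written code: Starlette's TrustedHostMiddleware (allowed_hosts=...) and Werkzeug's trusted_hosts setting both reject requests whose Host header is not expected before any handler sees them.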

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 11:15:00 +0000

Values added (initial record; no values removed):

  • Description: Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the rendered content in the resulting PDF via a crafted Host header, because the target URL is built from request.base_url without validation.
  • Title: SSRF in Pentestify PDF generation endpoint via Host header
  • First Time appeared: Pentestify; Pentestify pentestify
  • Weaknesses: CWE-918
  • CPEs: cpe:2.3:a:pentestify:pentestify:*:*:*:*:*:*:*:*
  • Vendors & Products: Pentestify; Pentestify pentestify
  • References: (none)
  • Metrics: cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Secur0

Published:

Updated: 2026-06-24T11:57:56.451Z

Reserved: 2026-06-24T10:36:43.095Z

Link: CVE-2026-13150

Vulnrichment

No data.

NVD

No data.

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T13:00:06Z

Weaknesses
  • CWE-918

    Server-Side Request Forgery (SSRF)