Description
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and files on the machine running FOG. This appears to be reachable without an authenticated web session when the request includes newService=1. The issue does not have a fixed release version at the time of publication.
Published: 2026-01-23
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated SSRF enabling internal data exposure
Action: Monitor
AI Analysis

Impact

The vulnerability is an unauthenticated server-side request forgery (SSRF) reachable through the getversion.php endpoint of FOGProject when the request includes the newService=1 parameter and a user-controlled url parameter. The flaw lets an attacker make the FOG server fetch arbitrary URLs or local files, exposing internal web pages, services, or file contents on the host. Depending on which internal resources are reachable, this could enable further exploitation, such as chained SSRF or remote code execution, if those services are themselves vulnerable.

Affected Systems

FOGProject, specifically versions 1.5.10.1754 and earlier. No fixed release was available at the time of publication. The flaw is present in all installations of the affected versions on every platform FOG supports.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, reflecting the combined impact of data exposure and potential compromise of internal resources. The EPSS score is below 1%, indicating a low probability of in-the-wild exploitation at the time of analysis. The flaw is not listed in the CISA KEV catalog. Exploitation requires only the ability to send an HTTP request to the vulnerable endpoint from any network that can reach the FOG server; no authentication or other prerequisites are needed beyond a request carrying newService=1 and a url parameter, so the attack path is straightforward for anyone with network access to the server.

Generated by OpenCVE AI on April 18, 2026 at 03:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict network access to the FOG server by placing it behind a firewall or VPN that only allows trusted IP addresses.
  • Configure the web server to block or require authentication for the getversion.php endpoint, effectively preventing unauthenticated SSRF requests.
  • Monitor the FOGProject vulnerability tracker and promptly apply the vendor’s patch once a fixed release is issued.
  • In the interim, disallow the newService parameter or filter the URL input to ensure only approved destinations are allowed.
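Until a vendor fix ships, the pattern above (a request to getversion.php carrying newService=1 and a url parameter) is easy to hunt for in web server access logs. The following detection script is an added example, not code from FOG or OpenCVE; it assumes Apache/nginx "combined" log format and the endpoint path /fog/service/getversion.php, and the log lines it scans are constructed for illustration.

```python
"""Flag access-log requests matching the CVE-2026-24138 SSRF pattern.

Added example (not FOG or OpenCVE code). Assumes combined log format and
the endpoint path /fog/service/getversion.php; sample lines are constructed.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

FOG_ENDPOINT = "/fog/service/getversion.php"

# Combined log format: src ident user [ts] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines: two SSRF-style requests, one version check
# without a url parameter, and one unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Jan/2026:20:15:01 +0000] "GET /fog/service/getversion.php?newService=1&url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.7 - - [23/Jan/2026:20:15:02 +0000] "GET /fog/service/getversion.php?newService=1&url=file%3A%2F%2F%2Fetc%2Fhostname HTTP/1.1" 200 64 "-" "curl/8.5.0"',
    '198.51.100.4 - - [23/Jan/2026:20:16:00 +0000] "GET /fog/service/getversion.php?newService=1 HTTP/1.1" 200 10 "-" "FOG Client"',
    '198.51.100.9 - - [23/Jan/2026:20:17:00 +0000] "GET /fog/management/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def risky_destination(url):
    """Return a reason if the url targets a scheme or address the server should never fetch for a client."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return f"non-http scheme {parts.scheme or '(none)'}"
    host = parts.hostname or ""
    if host in ("", "localhost"):
        return "loopback host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # external hostname; DNS-based checks are out of scope here
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return f"internal address {ip}"
    return None


def scan(lines):
    """Return (source_ip, url, reason) for every request matching the vulnerable pattern."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        qs = parse_qs(query)
        if path != FOG_ENDPOINT or qs.get("newService", [""])[0] != "1" or "url" not in qs:
            continue
        url = qs["url"][0]
        reason = risky_destination(url) or "unauthenticated fetch of external URL"
        findings.append((m["src"], url, reason))
    return findings
```

Pipe real access logs through scan() and alert on any hit; hits with an internal address or non-http scheme deserve immediate triage.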



Advisories

No advisories yet.

History

Fri, 23 Jan 2026 20:15:00 +0000

Type: Metrics (ssvc)
Values Removed: none
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 23 Jan 2026 16:45:00 +0000

Type: First Time appeared
Values Removed: none
Values Added: Fogproject; Fogproject fogproject

Type: Vendors & Products
Values Removed: none
Values Added: Fogproject; Fogproject fogproject

Fri, 23 Jan 2026 00:45:00 +0000

Type: Description
Values Removed: none
Values Added: FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and files on the machine running FOG. This appears to be reachable without an authenticated web session when the request includes newService=1. The issue does not have a fixed release version at the time of publication.

Type: Title
Values Removed: none
Values Added: FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php`

Type: Weaknesses
Values Removed: none
Values Added: CWE-918

Type: References
Values Removed: none
Values Added: (not shown)

Type: Metrics (cvssV3_1)
Values Removed: none
Values Added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-23T19:56:37.266Z

Reserved: 2026-01-21T18:38:22.475Z

Link: CVE-2026-24138

Vulnrichment

Updated: 2026-01-23T19:56:23.958Z

NVD

Status : Deferred

Published: 2026-01-23T01:15:51.023

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24138

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T03:30:25Z

Weaknesses