Description
Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. By exploiting this vulnerability, an attacker can steal sensitive data from internal services and cloud metadata endpoints. Version 1.2.2 fixes the issue.
Published: 2026-02-25
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Full Read Server-Side Request Forgery (SSRF)
Action: Immediate Patch
AI Analysis

Impact

An authenticated user with general privileges can add a link in Plane’s "Add Link" feature, prompting the server to fetch arbitrary URLs. The fetched response body is returned to the attacker, allowing the acquisition of internal network data, cloud metadata, or other sensitive resources. The flaw does not provide code execution or privilege escalation, but exposes confidential information and can be used to map internal services.

Affected Systems

The vulnerability affects the Plane project management tool from makeplane. All installations running a version older than 1.2.2 are impacted; version 1.2.2 and later include the fix.

Risk and Exploitability

The CVSS score of 7.7 indicates high risk, while the EPSS score of less than 1% suggests that current exploitation activity is low, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be a web-based SSRF performed by an authenticated user; no additional privilege escalation is required.

Generated by OpenCVE AI on April 18, 2026 at 10:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Plane to version 1.2.2 or later, which removes the SSRF flaw.
  • If an immediate upgrade is not possible, restrict the "Add Link" feature to administrators or disable it entirely for standard users.
  • Implement network segmentation or firewall rules to block outbound requests from the Plane application to internal or cloud metadata endpoints.
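The recommended actions above are deployment-level controls. For teams maintaining a fork or a similar feature, the application-level counterpart is a destination check on every server-side fetch made on a user's behalf (the favicon fetch behind "Add Link" being the case here). The following is an added example in Python, not code from Plane or from the fix in 1.2.2: it allows only http/https, resolves the hostname, rejects any address in loopback, private, link-local (which contains the cloud metadata range), CGNAT and the IPv6 equivalents, and returns a pinned IP so the caller connects to the address that was checked. The resolver is injectable so the demo runs offline with constructed DNS answers; in production the default resolver is used.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

# Address ranges a server-side fetcher should never contact on a user's behalf:
# loopback, RFC 1918 private, link-local (which contains the cloud metadata
# address 169.254.169.254), carrier-grade NAT, unspecified/multicast, and the
# IPv6 equivalents including the IPv4-mapped prefix.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def default_resolver(host):
    """Resolve a hostname to all of its A/AAAA addresses (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_blocked_ip(ip):
    """True if the address falls in any blocked range."""
    addr = ipaddress.ip_address(ip)
    # Unwrap ::ffff:10.0.0.1 to 10.0.0.1 so the IPv4 ranges apply to it too.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def resolve_safe_target(url, resolver=default_resolver):
    """Validate a user-supplied URL and return (hostname, pinned_ip).

    Raises ValueError when the URL must not be fetched. The caller should open
    the connection to pinned_ip (keeping Host header / SNI as hostname) so a
    DNS answer cannot change between this check and the request (DNS
    rebinding), and must re-run this check on every redirect hop.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    host = parsed.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        raise ValueError("URL has no host")
    if parsed.username is not None or parsed.password is not None:
        raise ValueError("credentials in URL are not allowed")
    try:
        # Literal IP address: no DNS lookup needed.
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Hostname: every address it resolves to is checked, not just the first.
        ips = resolver(host)
    if not ips:
        raise ValueError(f"{host} did not resolve")
    for ip in ips:
        if is_blocked_ip(ip):
            raise ValueError(f"{host} resolves to blocked address {ip}")
    return host, ips[0]


def is_safe_fetch_url(url, resolver=default_resolver):
    """Boolean convenience wrapper around resolve_safe_target."""
    try:
        resolve_safe_target(url, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline; real code uses default_resolver.
    fake_dns = {"example.com": ["93.184.216.34"], "localhost": ["127.0.0.1"]}
    for candidate in ("https://example.com/favicon.ico", "http://localhost:8000/",
                      "http://169.254.169.254/", "file:///etc/passwd"):
        print(candidate, "->", "allowed" if is_safe_fetch_url(candidate, fake_dns.get) else "blocked")
```

Two design points matter more than the block list itself. First, the check is useless if the HTTP client follows redirects on its own, because the first hop can be a public host that redirects to an internal one; either disable redirects or validate each hop. Second, an application filter is only one layer, which is why the egress firewall rule in the list above remains worthwhile even on a patched deployment.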



Advisories

No advisories yet.

History

Fri, 27 Feb 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Plane
Plane plane
CPEs cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*
Vendors & Products Plane
Plane plane

Fri, 27 Feb 2026 02:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Makeplane
Makeplane plane
Vendors & Products Makeplane
Makeplane plane

Wed, 25 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Description Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. By exploiting this vulnerability, an attacker can steal sensitive data from internal services and cloud metadata endpoints. Version 1.2.2 fixes the issue.
Title Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-25T20:13:05.310Z

Reserved: 2026-02-23T17:56:51.202Z

Link: CVE-2026-27706

Vulnrichment

Updated: 2026-02-25T20:12:53.756Z

NVD

Status : Analyzed

Published: 2026-02-25T17:25:39.740

Modified: 2026-02-27T17:36:19.910

Link: CVE-2026-27706

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:45:43Z

Weaknesses