Description
Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server.
Published: 2026-03-27
Score: n/a
EPSS: n/a
KEV: No
Impact: Server‑Side Request Forgery
Action: Assess Impact
AI Analysis

Impact

An OTCMS admin endpoint, /admin/read.php, processes the AnnounContent field by fetching the URL supplied in the request body without requiring authentication. The server then returns the response of that outbound request to the attacker. This allows a remote attacker to make the application retrieve any resource reachable from the server, including internal network services or any external website, potentially leaking sensitive data or facilitating further attacks.

Affected Systems

OTCMS installations running version 7.66 or earlier are impacted. The flaw resides exclusively in the handling of the AnnounContent field on the admin read page; no other product variants are mentioned.

Risk and Exploitability

The CVSS and EPSS scores are not available, and the vulnerability is not listed in the CISA KEV catalog. However, because the endpoint accepts arbitrary URLs without authentication and can reach internal or external hosts, exploitation is straightforward for an external attacker. The risk remains high for any system that exposes the vulnerable endpoint to the internet or to untrusted users, and malicious requests could be used to enumerate internal resources or perform further attacks.

Generated by OpenCVE AI on March 27, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the OTCMS version; a patch or newer version should be applied if available
  • If no patch exists, restrict access to /admin/read.php to authenticated users or trusted IP ranges
  • Block or limit outbound requests from the application to internal IP ranges or to a predefined whitelist of external hosts via firewall rules or a web‑application firewall
  • Log all outbound HTTP requests from the application and monitor for anomalous activity
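The third recommended action, an egress allowlist with internal ranges blocked, can also be enforced in the application itself before any URL taken from a field such as AnnounContent is fetched. The following is an added illustration, not OTCMS code or an OpenCVE artifact; the allowlisted hostnames and the `resolver` hook are assumptions made so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed allowlist: the only hosts a server-side fetch may contact.
ALLOWED_HOSTS = {"cdn.example.com", "announcements.example.org"}

# Address ranges a server-side fetch must never reach (loopback, RFC 1918,
# link-local/metadata, CGNAT, unspecified, and their IPv6 equivalents).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_blocked_address(ip):
    """True if the literal address falls inside a blocked range."""
    addr = ipaddress.ip_address(ip)
    # An IPv4-mapped IPv6 address (::ffff:10.0.0.1) is judged by its IPv4 form.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def check_fetch_url(url, resolver=None):
    """Return (allowed, reason) for a URL submitted in a content field.

    `resolver` maps a hostname to a list of address strings; it defaults to
    the system resolver and exists so the check can be exercised offline.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    resolve = resolver or (lambda h: [ai[4][0] for ai in socket.getaddrinfo(h, None)])
    try:
        addrs = resolve(host)
    except OSError:
        return False, "DNS resolution failed"
    # Check every answer, not just the first: an allowlisted name can still
    # resolve to an internal address (DNS rebinding, split-horizon DNS).
    for ip in addrs:
        if is_blocked_address(ip):
            return False, f"resolves to blocked address {ip}"
    return True, "ok"
```

The address actually connected to must be the one that was checked, so the HTTP client should be pinned to the resolved address and must not follow redirects unchecked; otherwise the validation can be bypassed between the check and the fetch.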


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Server‑Side Request Forgery in OTCMS /admin/read.php Exposes Internal Services
Weaknesses CWE-918

Fri, 27 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server
References


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-27T20:29:17.851Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30637

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-27T15:16:53.490

Modified: 2026-03-27T15:16:53.490

Link: CVE-2026-30637

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T20:29:06Z

Weaknesses