Description
A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
Published: 2026-04-30
Score: 5.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an SSRF flaw in Halo’s /plugins/-/install-from-uri endpoint, which is reachable only by authenticated users. By sending a specially crafted GET request, an attacker can make the server issue HTTP requests to arbitrary internal URLs, enabling the discovery and retrieval of sensitive data or services that are otherwise unreachable from the public network. The flaw provides a direct path for internal network reconnaissance and could serve as a foothold for further attacks if internal resources are accessed or exfiltrated.

Affected Systems

Halo version 2.22.14 is affected by the SSRF flaw in its install-from-uri endpoint. No other versions are explicitly listed; the vulnerability was identified in the specified release and may also affect earlier or later unreleased builds that contain unchanged code.

Risk and Exploitability

The vulnerability has a CVSS score of 5.4; no EPSS value is available. It is not listed in the CISA KEV catalog, so there is no publicly reported exploitation data. Because the flaw requires authentication but lets the server contact internal resources, attackers with sufficient privileges could perform internal scanning or potentially reach privileged services. The risk remains moderate, contingent on the attacker’s ability to authenticate and on the sensitivity of the internal resources exposed; full exploitation still requires an authenticated user with permission to invoke the vulnerable endpoint.

Generated by OpenCVE AI on May 1, 2026 at 05:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Halo to a patched version that resolves the SSRF issue; consult the vendor’s release notes for the fix.
  • Limit the visibility and usage of the /plugins/-/install-from-uri endpoint to only trusted administrators, removing the ability for regular users to trigger the vulnerable path.
  • Enforce network segmentation or firewall rules that block the application server from reaching internal resources that should remain isolated, thereby mitigating the impact of any SSRF attempts.
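To make the second and third recommendations concrete, the following is an added example (written for this page, not Halo’s own code and not from OpenCVE) of the destination check an install-from-URI handler should apply before the server fetches anything: it allows only HTTPS, resolves the host, and rejects any result that is not a globally routable address. ALLOWED_SCHEMES, the function names and the DNS table are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # assumption: plugin bundles are fetched over HTTPS only

def resolve_all(host):
    """Default resolver: every A/AAAA record for host (uses the network)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_install_uri(uri, resolver=resolve_all):
    """Validate a plugin install URI before the server fetches it.

    Returns (ok, reason, addresses). Every address the host resolves to must be
    globally routable. Connect to one of the returned addresses instead of
    re-resolving, so DNS rebinding cannot swap in an internal target between
    this check and the fetch; any redirect target needs the same check.
    """
    parts = urlsplit(uri)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", set()
    if parts.username or parts.password:
        return False, "userinfo in URI not allowed", set()
    host = parts.hostname
    if not host:
        return False, "missing host", set()
    try:
        addrs = resolver(host)
    except (OSError, ValueError) as exc:
        return False, f"could not resolve {host!r}: {exc}", set()
    if not addrs:
        return False, f"{host!r} resolved to no addresses", set()
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if ip.version == 6 and ip.ipv4_mapped:  # ::ffff:10.0.0.1 hides a v4 target
            ip = ip.ipv4_mapped
        if not ip.is_global:  # loopback, RFC 1918, link-local 169.254/16, ULA, ...
            return False, f"{host!r} resolves to non-public address {ip}", set()
    return True, "ok", addrs

# Constructed DNS table so the check runs offline; names and records are made up.
CONSTRUCTED_DNS = {
    "plugins.example": {"93.184.216.34"},
    "internal.example": {"169.254.169.254"},
    "split.example": {"93.184.216.34", "10.0.0.5"},  # one public, one internal record
}

def constructed_resolver(host):
    """Resolver backed by CONSTRUCTED_DNS; IP literals resolve to themselves."""
    return CONSTRUCTED_DNS.get(host) or {str(ipaddress.ip_address(host))}
```

A host with even one internal record is rejected outright, because the client cannot control which record the fetch would use.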

Advisories

No advisories yet.

History

Fri, 01 May 2026 08:30:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Halo; Halo halo
Vendors & Products  |                | Halo; Halo halo

Thu, 30 Apr 2026 18:15:00 +0000

Type       | Values Removed | Values Added
Weaknesses |                | CWE-918
Metrics    |                | cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}
           |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 16:15:00 +0000

Type        | Values Removed | Values Added
Description |                | A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-30T17:55:47.198Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36756

Vulnrichment

Updated: 2026-04-30T17:51:00.200Z

NVD

Status: Deferred

Published: 2026-04-30T16:16:42.280

Modified: 2026-04-30T18:16:28.307

Link: CVE-2026-36756

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T08:15:12Z

Weaknesses