Description
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning, service fingerprinting, and retrieval of internal HTTP responses which are stored in the publicly accessible media pool. This issue has been patched in version 1.1.
Published: 2026-06-11
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Prior to version 1.1 of Garlic‑Hub, authenticated users can misuse the uploadFromUrl endpoint to trigger HTTP requests from the server to arbitrary internal URLs. This Server‑Side Request Forgery (CWE‑918) allows attackers to enumerate internal services, map the network, and retrieve HTTP responses that are then stored in the publicly accessible media pool, effectively leaking internal information and potentially sensitive data.

Affected Systems

The vulnerability affects Garlic‑Hub software from garlic‑signage. All installations running versions earlier than 1.1 are susceptible. No specific sub‑version numbers are listed, so any build prior to 1.1 should be considered impacted.

Risk and Exploitability

The CVSS score of 7.7 indicates a high impact vulnerability. No EPSS data is available, but the absence of a KEV listing suggests no publicly known exploits have been catalogued. Attackers require authentication to the Garlic‑Hub interface; once authenticated, they can manipulate the uploadFromUrl parameter to target any internal service, thus gaining internal reconnaissance capability and data exposure.

Generated by OpenCVE AI on June 11, 2026 at 22:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Garlic‑Hub to version 1.1 or later, which removes the SSRF flaw
  • Restrict the uploadFromUrl feature to only allow external URLs that match a predefined allow‑list, denying internal IP ranges
  • Review the media pool for any previously stored internal HTTP responses and remove or sanitise them to prevent accidental disclosure

Generated by OpenCVE AI on June 11, 2026 at 22:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 13 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Garlic-signage
Garlic-signage garlic-hub
Vendors & Products Garlic-signage
Garlic-signage garlic-hub

Thu, 11 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning, service fingerprinting, and retrieval of internal HTTP responses which are stored in the publicly accessible media pool. This issue has been patched in version 1.1.
Title Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


Subscriptions

Garlic-signage Garlic-hub
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-13T02:34:22.026Z

Reserved: 2026-05-18T21:25:34.497Z

Link: CVE-2026-47170

cve-icon Vulnrichment

Updated: 2026-06-13T02:34:17.625Z

cve-icon NVD

Status : Deferred

Published: 2026-06-11T19:16:44.890

Modified: 2026-06-11T20:58:18.123

Link: CVE-2026-47170

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:21:50Z

Weaknesses
  • CWE-918

    Server-Side Request Forgery (SSRF)