Description
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning, service fingerprinting, and retrieval of internal HTTP responses which are stored in the publicly accessible media pool. This issue has been patched in version 1.1.
Published: 2026-06-11
Score: 7.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Prior to version 1.1 of Garlic‑Hub, authenticated users can misuse the uploadFromUrl endpoint to trigger HTTP requests from the server to arbitrary internal URLs. This Server‑Side Request Forgery (CWE‑918) allows attackers to enumerate internal services, map the network, and retrieve HTTP responses that are then stored in the publicly accessible media pool, effectively leaking internal information and potentially sensitive data.

Affected Systems

The vulnerability affects Garlic‑Hub software from garlic‑signage. All installations running versions earlier than 1.1 are susceptible. No specific sub‑version numbers are listed, so any build prior to 1.1 should be considered impacted.

Risk and Exploitability

The CVSS score of 7.7 indicates a high impact vulnerability. No EPSS data is available, but the absence of a KEV listing suggests no publicly known exploits have been catalogued. Attackers require authentication to the Garlic‑Hub interface; once authenticated, they can manipulate the uploadFromUrl parameter to target any internal service, thus gaining internal reconnaissance capability and data exposure.

Generated by OpenCVE AI on June 11, 2026 at 22:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Garlic‑Hub to version 1.1 or later, which removes the SSRF flaw
  • Restrict the uploadFromUrl feature to only allow external URLs that match a predefined allow‑list, denying internal IP ranges
  • Review the media pool for any previously stored internal HTTP responses and remove or sanitise them to prevent accidental disclosure

Generated by OpenCVE AI on June 11, 2026 at 22:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning, service fingerprinting, and retrieval of internal HTTP responses which are stored in the publicly accessible media pool. This issue has been patched in version 1.1.
Title Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-11T18:38:46.120Z

Reserved: 2026-05-18T21:25:34.497Z

Link: CVE-2026-47170

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-11T19:16:44.890

Modified: 2026-06-11T20:58:18.123

Link: CVE-2026-47170

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T22:30:09Z

Weaknesses
  • CWE-918

    Server-Side Request Forgery (SSRF)