Description
A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery
Action: Patch
AI Analysis

Impact

The flaw lets an attacker control the X‑Pingback/link value that Service::sendPingHandle acts on, so the Typecho server issues HTTP requests to a destination of the attacker's choosing. Because the server originates those requests, they reach whatever the server can reach: loopback services, hosts on the internal network, or other destinations the attacker could not address directly, and repeated triggering can tie up outbound connections. The recorded CVSS vectors rate the confidentiality, integrity and availability impact as low each, with no privileges and no user interaction required.

Affected Systems

Typecho releases up to and including 1.3.0 are affected; the vulnerable code is Service::sendPingHandle in var/Widget/Service.php, part of the Ping Back Service Endpoint component. The page lists no fixed version, so installations running 1.3.0 or earlier should be treated as vulnerable.

Risk and Exploitability

The 6.9 (Medium) headline score is the CVSS 4.0 value; the CVSS 3.1 vector recorded in the history below scores 7.3 (High). Both vectors state AV:N/AC:L/PR:N/UI:N, so the remote, unauthenticated attack path is recorded rather than inferred. The EPSS of less than 1% suggests a low likelihood of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog, but the SSVC entry marks exploitation as "poc" and the attack as automatable, consistent with the public exploit mentioned in the description. Successful exploitation requires the application to be reachable from the network and the attacker to supply a crafted X‑Pingback/link value.

Generated by OpenCVE AI on April 28, 2026 at 13:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Track the vendor for a release later than 1.3.0 that addresses this issue; none is referenced on this page, so "upgrade to the latest version" is not yet a remediation. Any fix should validate the X‑Pingback/link value before the server acts on it and restrict where the ping endpoint may send requests.
  • Until a fix exists, disable the pingback service: remove or comment out the Service action route in the routing configuration, or block that route at the web server or firewall. Verify the exact path against your installation's routing table rather than assuming it, and confirm afterwards that the endpoint no longer responds.
  • Restrict the application's outbound HTTP traffic with an egress proxy or host firewall that permits only allow‑listed destinations. A useful SSRF filter must deny loopback, RFC 1918, link‑local (including the 169.254.169.254 cloud metadata address) and IPv6 local ranges, must check the address the request will actually connect to rather than only the hostname (DNS rebinding and redirects both defeat a name‑only check), and must not follow redirects automatically.
  • Monitor outbound HTTP connections from the web host for requests to internal or unexpected destinations as an additional detection layer; a pingback sender that suddenly contacts private address space is a clear signal.
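The outbound-request check described in the actions above, and the attacker-controlled fetch described under Impact, written out as an added PHP example. This is illustrative code, not Typecho's own code and not a patch for this CVE. It assumes PHP 8 with ext-curl; the function names (ip_is_public, vet_pingback_target, pinned_curl_handle) and the sample URLs are constructed for the example. It shows the check a pingback sender should perform before contacting an X-Pingback/link target: vet the URL, resolve the host, reject every non-public address, then pin the connection to the vetted address so a later DNS answer cannot redirect it.

```php
<?php
declare(strict_types=1);

// Added example, not Typecho code: an SSRF guard for a pingback sender.
// Assumes PHP 8 with ext-curl. Relies on PHP's FILTER_FLAG_NO_PRIV_RANGE
// (10/8, 172.16/12, 192.168/16, fc00::/7) and FILTER_FLAG_NO_RES_RANGE
// (0/8, 127/8, 169.254/16, 240/4, ::/128, ::1/128, ::ffff:0:0/96, fe80::/10)
// and adds multicast, which neither flag covers.

/** True only for addresses the server should be willing to contact. */
function ip_is_public(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
        return false;
    }
    $bin = inet_pton($ip);
    if ($bin === false) {
        return false;
    }
    if (strlen($bin) === 4) {
        return (ord($bin[0]) & 0xF0) !== 0xE0;   // 224.0.0.0/4 multicast
    }
    return ord($bin[0]) !== 0xFF;                 // ff00::/8 multicast
}

/**
 * Parse a pingback target, resolve it and check every address it resolves to.
 * Returns the vetted connection details, or null if the URL must not be fetched.
 */
function vet_pingback_target(string $url): ?array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;                               // file://, gopher://, dict:// ...
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return null;                               // http://trusted.example@10.0.0.1/ confusion
    }
    $host = strtolower(trim($p['host'], '[]'));  // parse_url keeps brackets on IPv6 literals
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    $literal = filter_var($host, FILTER_VALIDATE_IP) !== false;

    // Check the addresses that will actually be connected to, not the name; this also
    // catches encodings such as http://2130706433/ that the resolver turns into 127.0.0.1.
    // Only A records are queried here, so an AAAA-only host is refused rather than guessed at.
    $addrs = $literal ? [$host] : (gethostbynamel($host) ?: []);
    if ($addrs === []) {
        return null;
    }
    foreach ($addrs as $ip) {
        if (!ip_is_public($ip)) {
            return null;
        }
    }
    return ['host' => $host, 'port' => $port, 'ip' => $addrs[0], 'literal' => $literal];
}

/**
 * Build a cURL handle that can reach only the vetted address. CURLOPT_RESOLVE closes the
 * DNS-rebinding window between check and connect; redirects are not followed, so each
 * Location header must go back through vet_pingback_target() before the next request.
 */
function pinned_curl_handle(string $url, array $target): \CurlHandle
{
    $opts = [
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_MAXFILESIZE    => 1 << 20,         // a pingback page should not be huge
        CURLOPT_RETURNTRANSFER => true,
    ];
    if (!$target['literal']) {
        $opts[CURLOPT_RESOLVE] = [sprintf('%s:%d:%s', $target['host'], $target['port'], $target['ip'])];
    }
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }
    curl_setopt_array($ch, $opts);
    return $ch;
}

// Constructed sample targets (no real sites). 203.0.113.0/24 is a documentation range
// standing in for a public address so the demo runs without network access.
$samples = [
    'http://127.0.0.1/xmlrpc.php',
    'http://[::1]/xmlrpc.php',
    'http://169.254.169.254/latest/meta-data/',
    'http://10.0.0.5:8080/admin',
    'http://224.0.0.1/',
    'file:///etc/passwd',
    'http://user@203.0.113.10/pingback',
    'http://203.0.113.10/xmlrpc.php',
];
foreach ($samples as $u) {
    $t = vet_pingback_target($u);
    printf("%-44s %s\n", $u, $t === null ? 'REJECT' : 'allow -> ' . $t['ip'] . ':' . $t['port']);
}
```

Only the last sample is allowed; every other one is refused before any connection is opened. The built-in filter flags do not cover every special-purpose range (100.64.0.0/10, 192.0.0.0/24 and 198.18.0.0/15, for instance), so a production filter should extend ip_is_public with the ranges that matter in its own network, and any 3xx response must be re-vetted per hop rather than followed.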



Advisories

No advisories yet.

History

Mon, 27 Apr 2026 14:15:00 +0000

(Values added; nothing removed)
Type: Metrics
  ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 26 Apr 2026 07:30:00 +0000

(Values added; nothing removed)
Type: Description
  A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Type: Title
  Typecho Ping Back Service Endpoint Service.php sendPingHandle server-side request forgery
Type: First Time appeared
  Typecho
  Typecho typecho
Type: Weaknesses
  CWE-918
Type: CPEs
  cpe:2.3:a:typecho:typecho:*:*:*:*:*:*:*:*
Type: Vendors & Products
  Typecho
  Typecho typecho
Type: References
  (none listed)
Type: Metrics
  cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-27T13:11:58.514Z

Reserved: 2026-04-25T14:11:33.523Z

Link: CVE-2026-7025

Vulnrichment

Updated: 2026-04-27T13:11:55.934Z

NVD

Status : Deferred

Published: 2026-04-26T08:16:00.227

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7025

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T13:30:32Z

Weaknesses